If i use javascript submit()
method to submit a form, the form will only be posted with javascript enabled, but i want make sure that is actually true.
So my question is, do i need to do php validation because that might be some vulnerabilities i might not know about ? Is that enough ?
javascript submit()是否会停止php验证的必要性?
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
- 邀请回答
-
5条回答 默认 最新
- douyi9787 2013-12-21 12:56关注
So my question is, do i need to do php validation because that might be some vulnerabilities i might not know about ?
Yes, you do. You can't blindly trust anything coming from the client, it can be entirely spoofed.
Off-the-cuff ways I could spoof what you're describing:
- A bookmarklet that changed form values and then did the submission
- Sending the HTTP request using curl or similar
- Using the JavaScript console to modify values before sending
I'm sure there are others.
Here's an example of just how easy the bookmarklet is:
javascript:(function(){var f=document.forms[0],e=f&&f.elements[0];if(e){e.value="My nefarious value";f.submit();}})();
That sets the value of the first element on the first form of the page to "My nefarious value" and submits the form.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥15 在不同的执行界面调用同一个页面
- ¥20 基于51单片机的数字频率计
- ¥50 M3T长焦相机如何标定以及正射影像拼接问题
- ¥15 keepalived的虚拟VIP地址 ping -s 发包测试,只能通过1472字节以下的数据包(相关搜索:静态路由)
- ¥20 关于#stm32#的问题:STM32串口发送问题,偶校验(even),发送5A 41 FB 20.烧录程序后发现串口助手读到的是5A 41 7B A0
- ¥15 C++map释放不掉
- ¥15 Mabatis查询数据
- ¥15 想知道lingo目标函数中求和公式上标是变量情况如何求解
- ¥15 关于E22-400T22S的LORA模块的通信问题
- ¥15 求用二阶有源低通滤波将3khz方波转为正弦波的电路