469,568 Members | 1,498 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,568 developers. It's quick & easy.

submit button

How can I disable a submit button for a form if JS is disabled. In other
words, JS must be enabled to submit the form.

Thanks

Harvey

--

http://righttax/blog
Dec 1 '06 #1
11 1997
Harvey Waxman wrote:
How can I disable a submit button for a form if JS is disabled. In other
words, JS must be enabled to submit the form.
The submit button isn't your problem, if it was, the solution would be
trival. Write the button using javascript, say document.write() it.

But some (most?) browsers can submit a form without a submit button.
Some solutions:

1. Create the entire form using javascript

2. Create the form in HTML with display: none and then
change that to display:'' using script, e.g.:

<form id="formA" style="display: none;" >
<input type="text" value="formA">
...
</form>
<script type="text/javascript">
document.forms['formA'].style.display = '';
</script>
Assuming appropriate feature detection etc.
--
Rob

Dec 1 '06 #2
VK

Harvey Waxman wrote:
How can I disable a submit button for a form if JS is disabled. In other
words, JS must be enabled to submit the form.
<form ...>
....
<script type="text/javascript">
document.writeln('<input type="submit">');
</script>
<noscript>
<span style="color:red">Your message</span>
</noscript>
</form>

Dec 1 '06 #3
VK
Harvey Waxman wrote:
How can I disable a submit button for a form if JS is disabled. In other
words, JS must be enabled to submit the form.

<form ...>
...
<script type="text/javascript">
document.writeln('<input type="submit">');
</script>
<noscript>
<span style="color:red">Your message</span>
</noscript>
</form>
Though I'm considering more user friendly to show some general
hard-to-miss warning atop of it:
<http://groups.google.com/group/comp.infosystems.www.authoring.stylesheets/msg/2f90dbab58ed02a7>

Dec 1 '06 #4
I hope you're not doing this as a security measure, since it will be
possible to submit the form no matter *how* the submit button is
customized.

Dec 1 '06 #5
In article <11*********************@16g2000cwy.googlegroups.c om>,
"Joseph Taylor" <Jo******@gmail.comwrote:
I hope you're not doing this as a security measure, since it will be
possible to submit the form no matter *how* the submit button is
customized.
Thanks

It's more of a nuisance measure. If the form and the asp are in subdirectories
and paths are relative to the document wouldn't that directory be unknown to
the spammer making it impossible to send from anyplace else?

--
Dr. Harvey Waxman

http://righttax.org/blog
Dec 1 '06 #6
I'll work with that and see. Thanks for the suggestion

In article <11**********************@79g2000cws.googlegroups. com>,
"RobG" <rg***@iinet.net.auwrote:
Harvey Waxman wrote:
How can I disable a submit button for a form if JS is disabled. In other
words, JS must be enabled to submit the form.

The submit button isn't your problem, if it was, the solution would be
trival. Write the button using javascript, say document.write() it.

But some (most?) browsers can submit a form without a submit button.
Some solutions:

1. Create the entire form using javascript

2. Create the form in HTML with display: none and then
change that to display:'' using script, e.g.:

<form id="formA" style="display: none;" >
<input type="text" value="formA">
...
</form>
<script type="text/javascript">
document.forms['formA'].style.display = '';
</script>
Assuming appropriate feature detection etc
--
Harvey Waxman DMD

(remove thefrown to email)
http://righttax/blog
Dec 1 '06 #7
In article <11*********************@16g2000cwy.googlegroups.c om>,
"Joseph Taylor" <Jo******@gmail.comwrote:
I hope you're not doing this as a security measure, since it will be
possible to submit the form no matter *how* the submit button is
customized.
I just realized that the full path is available in the address bar :-

--
Harvey Waxman DMD
73 Wright Lane
Wickford, RI 02852
(remove thefrown to email)
http://righttax/blog
Dec 1 '06 #8
VK
Joseph Taylor wrote:
I hope you're not doing this as a security measure, since it will be
possible to submit the form no matter *how* the submit button is
customized.
Doing what? Please provide a minimum quote of what are you replying to.

In relevance to <noscriptblocks they do not prevent users from
reverse engineering the obtained page and say still submit the form;
all what <noscriptblock can do is to alert users that some important
functionality is missing (say data update over ajaxoids is not
possible) and that they should not use the page in the state it is
right now. Will user follow this warning or will she attempt to hack
your source is out of your control. This way an additional server-side
check is highly suggested is any case.

Dec 1 '06 #9
In article <11**********************@j72g2000cwa.googlegroups .com>,
"VK" <sc**********@yahoo.comwrote:
Joseph Taylor wrote:
I hope you're not doing this as a security measure, since it will be
possible to submit the form no matter *how* the submit button is
customized.

Doing what? Please provide a minimum quote of what are you replying to.

In relevance to <noscriptblocks they do not prevent users from
reverse engineering the obtained page and say still submit the form;
all what <noscriptblock can do is to alert users that some important
functionality is missing (say data update over ajaxoids is not
possible) and that they should not use the page in the state it is
right now. Will user follow this warning or will she attempt to hack
your source is out of your control. This way an additional server-side
check is highly suggested is any case.
Sorry, just tried to save some space.

I understand that this is a losing battle, that determined hackers can continue
to offer me tons of viagra etc.

Still, I'm trying to learn. What I'd like to do is to have an asp validation
for one field that will reject a submission but I haven't been able to get it
to work. The form never gets submitted so I obviously have copied or placed
the code incorrectly. Here is the asp code
<%
Validated_Form = true
IF st <"RI" THEN
Validated_Form = false
END IF

IF NOT Validated_Form THEN
%>
<HTML>
<BODY>
Error. Click back in your browser and activate Javascript.
</HTML>
</BODY>

<%
ELSE
Dim name,address,city,st,email,show,comments
name = Request.Form("name")
address = Request.Form("address")
city = Request.Form("city")
st = Request.Form("st")
email = Request.Form("email")
comments = Request.Form("comments")
show = Request.Form("show")
Dim ObjMail
Set ObjMail = Server.CreateObject("CDONTS.NewMail")
ObjMail.To = "xx***@xxx.xxx"
ObjMail.From = "xx***@xxx.xxx"
ObjMail.Subject = "Petition"
ObjMail.Body = "Name" & vbtab & name & vbcrlf&_
"Address" & vbtab & address & vbcrlf&_
"City" & vbtab & city & vbcrlf&_
"State" & vbtab & st & vbcrlf&_
"Email" & vbtab & email & vbcrlf&_
"Add Name?" & vbtab & show & vbcrlf&_
"Comments" & vbtab & comments
ObjMail.Send
Set ObjMail = Nothing
Response.Write"Thank You"
%>
<HTML>
<BODY>
<B>Thank you for filling out the form!</B>
<BR><BR>
</body></html>
<%
END IF
%>

Thanks

--
Harvey Waxman
remove spam to email
http://righttax.org/
Dec 1 '06 #10
VK

Harvey Waxman wrote:
I understand that this is a losing battle, that determined hackers can continue
to offer me tons of viagra etc.

Still, I'm trying to learn. What I'd like to do is to have an asp validation
for one field that will reject a submission but I haven't been able to get it
to work.
If you want to complicate spammers life a little bit and if you are OK
with rendering your form useless without script support, then you could
obfuscate action attribute:

function setFormAction() {
document.forms['MyForm'].action = realURL;
}
window.onload = setFormAction;
....
<form name="MyForm" action="go_away_nasty_spammer">
....

But of course it's all baby toys :-) A real automated spam protection
can be made only server-side by generating sessionID, verification
number and obfuscated picture with verification number. Then you send
both picture and sessionID to client, on submit finding the relevant
verification number by sessionID and checking it agains the user input.

JavaScript is not of big help here.

Dec 1 '06 #11
Understood, thanks

In article <11*********************@j72g2000cwa.googlegroups. com>,
"VK" <sc**********@yahoo.comwrote:
Harvey Waxman wrote:
I understand that this is a losing battle, that determined hackers can
continue
to offer me tons of viagra etc.

Still, I'm trying to learn. What I'd like to do is to have an asp
validation
for one field that will reject a submission but I haven't been able to get
it
to work.

If you want to complicate spammers life a little bit and if you are OK
with rendering your form useless without script support, then you could
obfuscate action attribute:

function setFormAction() {
document.forms['MyForm'].action = realURL;
}
window.onload = setFormAction;
...
<form name="MyForm" action="go_away_nasty_spammer">
...

But of course it's all baby toys :-) A real automated spam protection
can be made only server-side by generating sessionID, verification
number and obfuscated picture with verification number. Then you send
both picture and sessionID to client, on submit finding the relevant
verification number by sessionID and checking it agains the user input.

JavaScript is not of big help here.


--
Harvey Waxman
remove spam to email
http://righttax.org/
Dec 2 '06 #12

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by reneecccwest | last post: by
15 posts views Thread by JR | last post: by
4 posts views Thread by Dmitry Korolyov [MVP] | last post: by
3 posts views Thread by Jeff | last post: by
7 posts views Thread by David T. Ashley | last post: by
7 posts views Thread by Bjorn Sagbakken | last post: by
reply views Thread by suresh191 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.