Apple/Safari user inserting unwanted Carriage Returns (int..

Brian Wakem wrote:
> ship wrote:
> > Hi
> >
> > We have the problem that Apple/Safari user seem to be able to somehow
> > insert
> > Carriage Returns into single line fields.
> >
> > Has anyone else had this problem?
> > Any idea what they are doing & how we can stop the problem?!
> >
> > With thanks
> >
> >
> > Ship
> > Shiperton Henethe
> >
>
>
>
> Anyone can submit anything they like for any field.
>

Well.. not without a hack. Unless you hack the users input form, how
would you submit, say, a DVD video into a radio button?
 >> Stay informed about: Apple/Safari user inserting unwanted Carriage Returns (int.. 

Yes most likely it's a multi-paste that causes the problem -
though we cant duplicate the problem on our Apple running Safari!

This is only happening in an address-capturing field.

But does this mean that if we want our reports to work correctly
(i.e. single line fields need to result in single lines in reports)
then we need to specifically remove all breaks from all data ever being
caputured?

Ship
Shiperton Henethe
 >> Stay informed about: Apple/Safari user inserting unwanted Carriage Returns (int.. 

SpaceGirl wrote:
> Brian Wakem wrote:
>> ship wrote:
>>> Hi
>>>
>>> We have the problem that Apple/Safari user seem to be able to somehow
>>> insert
>>> Carriage Returns into single line fields.
>>>
>>> Has anyone else had this problem?
>>> Any idea what they are doing & how we can stop the problem?!
>>>
>>> With thanks
>>>
>>>
>>> Ship
>>> Shiperton Henethe
>>>
>>
>>
>> Anyone can submit anything they like for any field.
>>
>
> Well.. not without a hack. Unless you hack the users input form, how
> would you submit, say, a DVD video into a radio button?
>

Send the binary as post information with the same name as the form field.
 >> Stay informed about: Apple/Safari user inserting unwanted Carriage Returns (int.. 

SpaceGirl wrote:
> Brian Wakem wrote:

>> Anyone can submit anything they like for any field.

> Well.. not without a hack. Unless you hack the users input form, how
> would you submit, say, a DVD video into a radio button?

This is a bit of a misuse of the term "hack". Any C, perl, python or PHP
programmer has easy access to web runtime libraries that allow the
submission of form info from a program. There are very good reasons
for doing this. A bit of software can be millions of times cheaper and
faster than hiring a human to sit at a computer and laboriously fill in
zillions of web forms. So people (like me get hired to write a program
to do the job. If a site is only accessible via the web, that's what you do.

A program that submits a web form to a server can (and often does, at
least in early releases) send any sort of garbage for any form field.

There's also the problem of a form that gets changed without warning,
and a program fills in the fields in a way that would have been correct
for the earlier version. This is an ongoing headache, but it's really not
much different than any of the traditional ways of miscommunication
that we humans have worked out in the past.

None of this really qualifies as hackery. It's just software development.
 >> Stay informed about: Apple/Safari user inserting unwanted Carriage Returns (int.. 

In article <ALydnVVG-rmWVcfZ4p2dnA DeleteThis @speakeasy.net>,
John Chambers <jcsd DeleteThis @speakeasy.net> wrote:

> SpaceGirl wrote:
> > Brian Wakem wrote:
>
> >> Anyone can submit anything they like for any field.
>
> > Well.. not without a hack. Unless you hack the users input form, how
> > would you submit, say, a DVD video into a radio button?
>
> This is a bit of a misuse of the term "hack".

But if someone does it intentionally, especially with the intent to
confuse the script that processes the form input, it's a hack.

--
Barry Margolin, barmar DeleteThis @alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
 >> Stay informed about: Apple/Safari user inserting unwanted Carriage Returns (int.. 

Hi theSpaceGirl (miranda)

Are you recommending that we all to ALL this pre-processing on ALL
fields of ALL forms, then?!

Out of interest have you actually come across people submitting
SQL commands ?!

And if so doesnt this lead to rather clumbsy slow data-capture forms?
....or do you still think it is it worth it in any case?


Ship
Shiperton Henethe
 >> Stay informed about: Apple/Safari user inserting unwanted Carriage Returns (int.. 

shiphen wrote:
> Hi theSpaceGirl (miranda)
>
> Are you recommending that we all to ALL this pre-processing on ALL
> fields of ALL forms, then?!

Yep, without a doubt. If you dont, it's just asking for trouble --
especially when it's really simple to do.

>
> Out of interest have you actually come across people submitting
> SQL commands ?!
>

Yep

> And if so doesnt this lead to rather clumbsy slow data-capture forms?
> ...or do you still think it is it worth it in any case?

It's not as complicated as it sounds - you can write a single function
that is run to clean-up each form field before you deal with it. The
function only needs to written once, and then you can run that function
against each field.

Okay here's a chunk of ASP psuedo-code that would handle the form
fields:

' CODE
function processFields(userInput)
userInput=replace(userInput,"<", "")
userInput=replace(userInput,"'", "")
userInput=replace(userInput,"""", "")
userInput=replace(userInput,chr(13), "")
userInput=replace(userInput,chr(10), "")
userInput=replace(userInput,"swearword", "")
'... add as many replacements as you like
processFields = userInput
end function

' END CODE

So, then we can just process each field:

'CODE
username=processFields(request("username_field_from_form"))
password=processFields(request("password_field_from_form"))
city=processFields(request("city_field_from_form"))
'END CODE

So, it's really simple to process hundreds of fields instantly "pre"
validating them, stripping any hacks or bad data. This is of course all
possible in any language you true, and all runs at the server not the
client so CANNOT be bypassed by a user (or hacker!).

Hope that helps!
 >> Stay informed about: Apple/Safari user inserting unwanted Carriage Returns (int.. 

ship wrote:
> Hi
>
> We have the problem that Apple/Safari user seem to be able to somehow
> insert
> Carriage Returns into single line fields.
>
> Has anyone else had this problem?
> Any idea what they are doing & how we can stop the problem?!
>
> With thanks
>
>
> Ship
> Shiperton Henethe

I suspect this is related to the way that Safari handles tables --
different than Firefox, Netscape and IE. The last three named browsers
will hold a table in tact (only one CR at the end of line) so that it
can be pasted, for example, into Excel as a table. Safari throws in a
CR after every field.

I complained to Apple about this a couple of years ago. The longer
they wait to get compatible with the other browsers, the bigger the
hassle....

Bill
 >> Stay informed about: Apple/Safari user inserting unwanted Carriage Returns (int..