guest book filter OT?


It looks like I might have to write a simple guest book, it's for a
Funeral Home. Now, I've never needed to write one, but I can see
several potential problems. Dealing with spurious or spam submissions,
and then dealing with the contents.

I can see a few ways to deal with potential spam:

1) Captcha
2) A two-step process spread over two pages
3) Only allow submissions with JavaScript-enabled browsers
4) Post online only after an email confirmation

   And I can see a few ways to deal with the content.

1) Use a simple version of an html editor like TinyMCE which does not
allow you to insert your own html.

2) Use a Bayesian filter.

3) Use a textarea and convert all content with HTML entities

4) Set up a few rules and regex filter out scripts, both JavaScript and

   Thoughts? Plan B?


Re: guest book filter OT?

My first thought?  Forget automation.  For something as sensitive as
this, make all posts human moderated. It's not worth taking the risk.

I have one, if you don't want to write it from scratch.
Geoff Berrow (Put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs

Re: guest book filter OT?

Absolutely right. To the OP: If the risk is not immediately obvious, consider
that _not one_ of the technical methods you proposed would stop someone from
posting something like "I hated that rotten bastard, and the only reason I'm
coming to the funeral is to make sure he's really dead." No scripts. No HTML.
No malware. But it's malicious as hell.

Re: guest book filter OT?

Doug Miller wrote:

   OK. That will be my recommendation to the client.

   And, thanks for the script offer Geoff. I think all I will need to do
is tie in the obit id with the guest book as the filtering is human
related. Unless I've missed something.


Re: guest book filter OT?

On 22/02/2010 14:26, jeff wrote:

It depends on what you want to protect the guest book from. Captchas are
good to tell humans apart and e-mail confirmation is good to prevent
manual spam by humans. I'm not sure what the two other methods
are aimed at :-?

You can accept HTML or not, but you can't control what HTML tags are
sent by the client. As soon as you install TinyMCE you'll learn how many
users simply paste from Microsoft Word. You can, however, implement a
server-side HTML parser to purify the input; actually, you *should* do
so if you want to inject third-party HTML into the site.

HTML entities make sense if you expect plain text.

Again, it all depends on what worries you: you've described very
different techniques.

Whatever, IMHO a funeral home requires:

- Plain text (we don't want condolences in funny colourful fonts).
- Some sort of e-mail confirmation or moderation queue (we don't want v1agr4
in grandpa's book)

-- - Álvaro G. Vicario - Burgos, Spain
-- My site about web programming:
-- My satin-finish humour site:
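
The combination the replies converge on (plain text escaped on output, e-mail confirmation, a human moderation queue, entries tied to the obituary id), as an added example that is not code from any poster in this thread. The table, column and function names are hypothetical, and Python with an in-memory SQLite database is an assumption standing in for whatever the site runs on.

```python
import html
import secrets
import sqlite3

def open_book():
    db = sqlite3.connect(":memory:")  # assumption: real site uses its own DB
    db.execute("""CREATE TABLE entry (
        id INTEGER PRIMARY KEY, obit_id INTEGER NOT NULL,
        author TEXT NOT NULL, email TEXT NOT NULL, body TEXT NOT NULL,
        token TEXT NOT NULL, confirmed INTEGER NOT NULL DEFAULT 0,
        status TEXT NOT NULL DEFAULT 'pending')""")
    return db

def submit(db, obit_id, author, email, body):
    """Store the text exactly as typed; return the token to e-mail back."""
    token = secrets.token_urlsafe(16)
    db.execute("INSERT INTO entry (obit_id, author, email, body, token) "
               "VALUES (?, ?, ?, ?, ?)",
               (obit_id, author.strip(), email.strip(), body.strip(), token))
    return token

def confirm(db, token):
    """E-mail confirmation: a token works once, then the entry is queued."""
    cur = db.execute("UPDATE entry SET confirmed = 1 "
                     "WHERE token = ? AND confirmed = 0", (token,))
    return cur.rowcount == 1

def moderation_queue(db):
    """Only confirmed, undecided entries reach the human moderator."""
    return db.execute("SELECT id, obit_id, author, body FROM entry WHERE "
                      "confirmed = 1 AND status = 'pending' ORDER BY id").fetchall()

def moderate(db, entry_id, approve):
    db.execute("UPDATE entry SET status = ? WHERE id = ? AND status = 'pending'",
               ("approved" if approve else "rejected", entry_id))

def render(db, obit_id):
    """Escape at output time, so stored markup is shown as text, never run."""
    rows = db.execute("SELECT author, body FROM entry WHERE obit_id = ? "
                      "AND status = 'approved' ORDER BY id", (obit_id,))
    return "\n".join(
        "<p>{}</p><cite>{}</cite>".format(
            html.escape(body).replace("\n", "<br>"), html.escape(author))
        for author, body in rows)
```

Nothing is published until a person approves it, which is the only step here that can catch a message that is hostile but contains no markup at all.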
