具有禁用的< input type =“提交""的表单可以还是被黑客提交了? [英] Can a form with a disabled <input type="submit"> be hacked to submit anyway?

问题描述

我只是对<input type="submit" />标签的安全性感到好奇.

I'm just curious about the security of the <input type="submit" /> tag.

如果我有一个表单(带有method="post")，并且只有一个提交"按钮，该按钮已被禁用，而且我还没有编写任何会影响表单，按钮或其其他内容的JS/AJAX/jQuery，有人还能找到一种提交表单的方法吗?

If I have a form (with method="post") with just one "Submit" button, which is disabled, and I haven't written any JS/AJAX/jQuery that affects the form, the button, or its other contents, could someone still find a way to submit the form?

这是我所谈论的形式的代码:

Here's the code for a form along the lines I'm talking about:

<form method="post" action="processor.php" enctype="multipart/form-data">
<input type="text" name="foo" value="bar" />
<input type="submit" value="Submit" disabled="disabled" />
</form>

非常感谢！

推荐答案

是的，我什至不需要您的表格来提交它.我可以使用cURL或类似的库来发送POST请求，就像它来自表单一样.

Yes, I don't even need your form to submit it. I can use cURL or a similar library to just send a POST request as if it came from a form.

总是在服务器端验证所有内容，但不一定总能得到期望的结果.

Always validate everything server-side, you don't always get what you expect.

这篇关于具有禁用的< input type =“提交""的表单可以还是被黑客提交了?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！