Context

I built a Contact Form for my website (view in: English / German / French).

It requires people to input a name, email, subject and message.

The subject can be chosen using an HTML select element:

<select name="subject">
  <option>General Inquiry</option>
  <option>Cooperation</option>
  <option>Press</option>
  <option>Education</option>
</select>

Question

Somebody contacted me. He used a subject different from the options I provided.

How is it possible to input / select an option into the form that is not provided as an option?

If we find this out we could also consider some counter-measures to prevent illegal or unexpected options.

Related

  • HTML select form with option to enter custom value (link).
finnmglas
  • So you need additional input field that will append value to select element? – Justinas May 13 '20 at 07:24
  • I need to know how somebody managed to choose an option from the select that I did not provide ^^ – finnmglas May 13 '20 at 07:25
  • You can easily change the code of your HTML using page inspect (Chrome) or something similar. The best counter measure would be to validate the request before you process it. – Ebenezer Isaac May 13 '20 at 07:25
  • to prevent this you have to implement proper backend validation to check for the subject field value sent to the backend. – ROOT May 13 '20 at 07:28
  • You can bypass your UI and just use cURL or Postman, then your back-end must validate input – Justinas May 13 '20 at 07:32

1 Answer

This can be easily done! You can inspect the select element in Chrome or another browser and change the value of the select options.

If you want to prevent this, you need to validate the input in the backend before performing another action.
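
The backend validation the answer and comments recommend, as an added example that is not part of the original post: the server keeps its own allowlist of the four `<option>` values and rejects any request whose `subject` is not exactly one of them. Python is an assumption (the page does not name the backend language), and `validate_contact_form`, `ALLOWED_SUBJECTS` and the sample bodies are hypothetical names and constructed data.

```python
from urllib.parse import parse_qs

# Must mirror the <option> values rendered in the form's <select name="subject">.
ALLOWED_SUBJECTS = frozenset({"General Inquiry", "Cooperation", "Press", "Education"})
REQUIRED_FIELDS = ("name", "email", "subject", "message")
SINGLE_LINE_FIELDS = ("name", "email", "subject")


def validate_contact_form(raw_body: str):
    """Return (cleaned_fields, errors) for a urlencoded POST body.

    The body is treated as fully client-controlled: the browser's <select>
    is only a UI hint and does not constrain what a client can send.
    """
    parsed = parse_qs(raw_body, keep_blank_values=True)
    cleaned, errors = {}, {}

    for field in REQUIRED_FIELDS:
        values = parsed.get(field, [])
        if len(values) != 1:
            # Missing field, or the same parameter sent more than once.
            errors[field] = "expected exactly one value"
            continue
        value = values[0].strip()
        if not value:
            errors[field] = "must not be empty"
        elif field in SINGLE_LINE_FIELDS and any(c in value for c in "\r\n"):
            errors[field] = "must be a single line"
        else:
            cleaned[field] = value

    # Allowlist check: exact match against the options the server offers.
    if "subject" in cleaned and cleaned["subject"] not in ALLOWED_SUBJECTS:
        errors["subject"] = "not one of the offered options"
        del cleaned["subject"]

    return cleaned, errors


# Constructed sample bodies: one as the unmodified form would send it,
# one with a subject that is not among the <option> elements.
GOOD = "name=Ada&email=ada%40example.org&subject=Press&message=Hello"
BAD = "name=Ada&email=ada%40example.org&subject=Buy+my+product&message=Hello"

if __name__ == "__main__":
    for body in (GOOD, BAD):
        print(validate_contact_form(body))
```

Process the message only when `errors` is empty, and use the values from `cleaned` rather than the raw request.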