Skip navigation links
IT services and product development
Menu
TwoLogs
IT services and product development

Test your web form

Introduction

This page allows you to test your web forms for all sorts of input.  Normally, your browser will restrict what data you can enter in the form.  For instance, one-line text fields cannot contain more than one line, and some fields are hidden and can thus not be changed.  However, publically accessible forms will eventually be picked up by automated programs that scan the Internet for vulnerable forms.  They send the form's data directly to your web site script and therefore have no restrictions on what can be entered in the form, thus for instance being able to change hidden form values and bypassing the one-line-per-field restriction a normal browser would impose on form data.  It can thus be vital to test your form for all sorts of (invalid) input.  You can use this test form to remove some restrictions in your web forms so you can manually check your forms for all sorts of (invalid) input.

Sending spam e-mails via web forms

A notorious and more sinister example of what unsecure web forms are capable of is that they can be hi-jacked by spam robots.  If your web form sends out e-mails via your web server (like most contact forms do; they convert the text the user entered into an e-mail addressed to you), it can be vulnearble to spam relay activity.  When a spam robot scans your web form and discovers it's vulnerability, your web server will likely transform into a spam sending machine thus sending spam out in your name.  This might even get your e-mail address or web domain black-listed as a result.  More background information about this threat can be read on our spam robot page.

How to use this test form

This test form will load your own form, make a copy of it, modify the fields according to the settings you specify, and shows you the modified form in a new window.  You can then test your form submission script for all sorts of (invalid) input.  The modified form will probably be fully functional; if not, please contact us with details on what is not functional in your case.

Note: the modifications to your form will not be done by our server, but instead some additional javascript will be inserted in the modified form.  This javascript thus runs in your own browser.  The javascript makes use of Microsoft Internet Explorer specific functionality, that is only available from version 5.0 and up.  If you do not use a compatible browser, the form might not be modified correctly.

There are several options you can specify for modifying your form.  These are:

  • Make one-line text fields multi-line: all one-line text fields (in code: <input type="text">) will be replaced by multi-line text fields (in code: <textarea>).
  • Make password fields multi-line: same as for one-line text fields, but changes all password fields instead (in code: <input type="password">).
  • Show hidden fields as multi-line fields: shows all hidden fields (in code: <input type="hidden">) as multi-line fields.
  • Disable the "body.onLoad" event: disables any code that is run from the body.onLoad event (when the page is loaded); use this e.g. when the code in your page conflicts with this test form.

Test your form

Your web form's full address *
(the entire URL; e.g. http://www.mycompany.com/contact/mailform.php)
Modification options Make one-line text fields multi-line
Make password fields multi-line
Show hidden fields as multi-line fields
Disable the "body.onLoad" event
  (opens in a new window)
* required information