Solved

Modifying Forms in HTML Email

Posted on 2003-12-01
7
417 Views
Last Modified: 2010-04-06
Hey, I'm trying to figure out whether it is possible to respond to an HTML form sent in an email.  I'm using a php script to send an email with some dropdown lists and text boxes.  I receive the email OK in Outlook Express, with the form elements displayed correctly.  Ideally, I'd like for a user to be able to modify a received form and hit the Reply button, which will send the form with all the user's changes and input back to our server for processing.

Is it even possible to send back a modified form via Reply?  In my tests, hitting Reply or Forward quotes the original form sent, and does not reflect changes the user may have made.  Is there a better way to have a user submit data filled out in an email form?

Any help would be appreciated!  Thanks.

0
Comment
Question by:DeathCheese
  • 3
  • 3
7 Comments
 
LVL 31

Expert Comment

by:seanpowell
ID: 9853470
Can't be done successfully, as most email clients will strip out the script required to process the form. The tried and true method is still the best - host the form on your site :-)
0
 
LVL 1

Assisted Solution

by:kellysgreen
kellysgreen earned 62 total points
ID: 9854267
Actually, I think you can do what you are asking. but let me see if I understand you correctly...

1) User1 fills out form on website, clicks submit.

2) form results are sent to Admin1 via email

3) Admin1 edits results, and submits them back to website.

To accomplish this, you should be able to format the initial email that Admin1 gets as HTML with a prope <form> </form> area, setting the action= value to the full URL to form parsing CGI on your webserver.  Sounds like that is the only thing you are missing...  then instead of Admin1 REPLYING to the email, they can just click the SUBMIT button embedded in the HTML form inside of the email.

ie:
<form action="http://mysite/formhandler.cgi">
<input name="Test" value="">
<input type="submit">
</form>
0
 
LVL 31

Expert Comment

by:seanpowell
ID: 9858298
It appears that it's this:

1) User fills out form in "email client" and clicks submit.

2) form results are sent to server for processing via email

The problem is #1. You can't do this within an email...
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Expert Comment

by:kellysgreen
ID: 9858603
I dunno... it works great for me using either Mozilla or Outlook 2000 as my email client...
I just created an HTML formatted email which contains an HTML form, filled out the form & submitted the results to the web server (not a local web server either) without incident.  
0
 
LVL 31

Accepted Solution

by:
seanpowell earned 63 total points
ID: 9858642
It's because of the way your email client is set up. The latest security patches generally disable this type of scripting, so there's no way to know whether a user will be able to do this. It can be done - but it's not 100%. Indeed, it may only be 10%. Given that, the best way is to host the form on your site.

There are a number of ways to embed a form in an email that can do a "great" deal of damage - which is why the security has been tightened up :-)
0
 
LVL 1

Expert Comment

by:kellysgreen
ID: 9858779
True, but I'm running Mozilla 1.5 and a fully patched Outlook 2000.  
Also --- one can reasonably inuit that the person who is receiving these HTML forms via email is a known entity and that their email client can be configured or modified as need be to allow for this.
0
 

Author Comment

by:DeathCheese
ID: 9858970
The original idea is something like this:

1) User receives form in email.  Modifies it in email client.

2) User hits reply, and the results of the form are sent via email to my server.

Using an email client's standard "Reply" button to submit the data...in theory.  I wasn't sure if that was possible, and I'm leaning towards not possible now.  The other option, adding a submit button to the email form, seems more realistic.  I've got a simple form submitting from some test emails.  Though I understand that not all email clients may be able to handle the submit action.  It does certainly seem like a vulnerability.

Thanks for all your responses.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the sites are being standardized with W3C Web Standards. W3C provides lot of web standard services to the web. They have the web specification, process and documentation for all the web standards. You can apply HTML, CSS and Accessibility st…
It's sometimes a bit tricky to use date functions in Oracle BPEL. I'll explain quickly how you can add N days to the current date. In a BPEL process this can be useful, and you can adapt it to fit your needs. First of all, let's see how to add 1 …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now