Usage of --audit-exclude-vector
Hello,
I tried to scan website http://www.artaoweb.com/services/front-end-coding/ but there is an email contact form sending multiple emails when scanned.
I tried to use --audit-exclude-vector to skip submitting this form, but without any success (--audit-exclude-vector=form[email], form[phone], form[message]).
Here´s form code:
-
<div class="Form ContactForm">
<form method="post" action="#EditFormform" class="form AdminTableEdit" id="EditFormform">
<div id="tab-form">
<div class="form AdminTableEdit PageContent" id="EditFormform">
<div class="Table">
<div class="Item ">
<div class="Column"><label for="form_email">E-mail</label></div>
<div class="Column">
<input type="text" id="form_email" name="form[email]" />
</div>
</div>
<div class="Item ">
<div class="Column"><label for="form_phone">Phone</label></div>
<div class="Column">
<input type="text" id="form_phone" name="form[phone]" />
</div>
</div>
<div class="Item ">
<div class="Column"><label for="form_message">Message</label></div>
<div class="Column">
<textarea cols="50" rows="10" id="form_message" name="form[message]"></textarea>
</div>
</div>
</div>
<div class="FilesUploading"></div>
<div class="Center">
<button class="Submit">Send</button>
- </div>
Could you please give me an advice how to use the parameter correctly?
Thank you
K.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 11 Jul, 2017 01:40 PM
That option will simply not audit the specific inputs, you need to exclude the resource completely, you can do that with the --scope-exclude-pattern option.
This should work:
--scope-exclude-pattern=front-end-coding
2 Posted by Kerry on 11 Jul, 2017 01:52 PM
Thank you for response. But if I understand correctly, it will exclude the whole page. As this contact form is on multiple pages (some corporate websites have it on all pages) it will dramatically reduce the scope of the test. Isn´t there any other option to exclude just this one form from submitting, but still audit rest of the page?
Thanks
K.
Support Staff 3 Posted by Tasos Laskos on 12 Jul, 2017 10:48 AM
Fair point, I'll update the system to skip elements if all their input vectors have been excluded.