We Keep Coding

My HTML form is not mailing the results to me

I have made and html file following the books Computer Learning by Sumita Arora and it's Cornestone
class 7. I have been making a form using chapter 7, and it's not working! The full code is (the wrong line is the mailto: line)
<!DOCTYPE html>
<html>
<head>
<title>A Form</title>
</head>
<p>A Form</p>
<body style="background-color:grey">
<form action = "mailto:email address blured for obvious reasons" method = "post">
<p>
<b>First name:</b>
<input type = "text" id = "firstname" style="background-color:black"><br/>
<p><b>Last name:</b>
<input type = "text" id = "firstname" style="background-color:black"><br/></p>
<p><b>School:</b>
<input type = "text" id = "School" style="background-color:black"></br></p>
<p><b>Address</b>
<input type = "text" id = "Address" style="background-color:black"></br></p>
<input type = "submit" value = "Send" style="background-color:black"> <input type = "reset" style="background-color:black">
</br>
Copyright © Manik Sharma (THEOP05) 2022
</p>
</form>
</body>
</html>

mailto does not send an email in an automated way. It instructs the user's browser to show the user an email client. When I run your code on my local machine, the "Submit" button pops open Mozilla Thunderbird, since that's the email client installed on my machine. If you don't have an email client installed on your machine, then it's possible nothing will happen.
Of course, that's the client's machine, which is very likely not what you want. If you really want your form to send an email with the form results to THEOP05#example.com, you need to do that routing on the server side. The details will depend on your server framework (Django, Rails, PHP, etc.), but you should add an ordinary HTTP endpoint on your server, something like http://example.com/form-submit, which takes the form input as a POST parameter and, using whatever language your server is written in, sends the email server-side.
I know Django has facilities for automating the handling of forms (and conventions in place to make it easier). I suspect Rails does as well.

Try to change the method to "get"
<form action = "mailto:email address blured for obvious reasons" method = "get">

In order to send email with a form, you need an email delevery service. In the MVC, Html is the view (frontend) and sending email should be done by the controller or the model (backend). I like to use mailgun, but any other large scale email delevry service will provide you a nice UI and multiple usefull features. If your backend is PHP, you can use composer to install dependencies. I recommand the symfony mailer composer require symfony/mailer with you favorite 3rd Party Transport (eg.: composer require symfony/google-mailer for gmail.)
­> Note that if your backend directly send emails, thoses emails can go into spam pretty much every time, and it takes a lot of ressoruces to process the email delevery, but this is a decision you can take based on how you want to send your emails.

Testing XSRF Attacks through HTML form & direct URL

I have a web application, on which we currently implement XSRF protection.
From what I gather, XSRF attacks work this way:
the attacker finds out how the client communicates with the server of
the web application, i.e. how its HTTP requests are formatted
the attacker rewrites (forges) a http request that would order the
server to do what the attacker wants
all the attacker now lacks is an authentification on the server
the attacker tricks people into loading a webpage that sends his
forged request. Out of the people who get tricked, those who
happen to be currently logged in the application will unwillingly
provide the forged request with the credentials it needs to be executed
by the server.
To test our website, I looked at the POST HTTP requests the client sends to the server to give it orders (using F12 in Internet Explorer), and forged one myself.
It looks like this:
https://mywebsite/Camp.aspx?
EventTarget=SaveButton
&TargetField=I+am+the+king+of+the+world
First line is the URL seen in the browser (minus the "?"), second line is the action to be executed by the server, 3rd line is the field I want to update.
Then I logged on the website and tested my forged request in 2 ways:
A) I simply open a new tab in the browser, paste the forged URL above and click enter
(tested with IE and Chrome)
B) I open in another tab a page with content:
<html xmlns="http_www.w3.org/1999/xhtml">
<body>
<form method="post" action="https://mywebsite/Camp.aspx">
<input type="hidden" name="EventTarget" value="SaveButton">
<input type="hidden" name="TargetField" value="I+am+the+king+of+the+world">
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
(tested with methods GET and POST)
I would expect both tests to be identical but to my surprise:
test A opens the target page on the website and actually updates the
target field
test B opens the target page on the website but does not update
the target field
I have 2 questions:
Why do test A and test B bring different results?
Test B definitely is a valid CSRF Attack Test (even though an
attacker would rather want to do the action without opening the
page), is Test A also valid?
Thanks!

Solved the Problem myself.
I had obviously posted a simplified version of the request. The real request contained signs that need to be URL-encoded. Here it was the sign "$", which encodes in URL as "%24".
So if the direct URL is
https://mywebsite/Camp.aspx?
EventTarget=abc%24def
then the corresponding HTML form should be
<html xmlns="http_www.w3.org/1999/xhtml">
<body>
<form method="post" action="https://mywebsite/Camp.aspx">
<input type="hidden" name="EventTarget" value="abc$def">
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>

Send POST request from vb.net

I'm developing an application for Cisco IP phone to send messages. Currently I have the HTML code to send the request. But I need to send request from VB.NET therefore I can integrate with one of my application. please find the below mentioned HTML Code,
<html>
<head></head>
<body>
<form method="POST" name="XML" action="http://Reed:password#192.168.13.112/CGI/Execute">
<textarea name="XML">
<CiscoIPPhoneText><Text>Hi Mr.Anton..! Welcome ..!</Text> </CiscoIPPhoneText>
</textarea><br>
<input type="submit" value="POST"/>
</form>
</body>
</html>
Currently this code is working with HTML. I need to send these information to the IP Phone using VB.NET
Your help is highly appreciated.

Need help sending Email from form HTML

I have a form that reads
<form action="Send.asp" method="POST" name="Order" id="Order">
in my send a quote page. The submit button reads as follows:
<input name="B1" type="submit" class="style80" value="Submit">
Now when I click on the button, it only redirects to the home page. I would like it to go to the .asp file called Send.asp
That .asp file has the sending methods: connect to SMTP server and compile an email form the input boxes on the request page.
Why is my email not sending? What am I missing from the form tag?

Your input type=submit seems correct. Is the Send.Asp page in the same directory than the html file ?. Maybe you have to use other relative route.
Are you debugging Send.asp file to check if it is being called?.
That could be a start.
Try changing aswell the Send.Asp with full url to discard that the url is not valid.
form action="http://yoururl/yourproject/Send.asp" method="POST" name="Order" id="Order">

How do I make a simple email form submission in HTML?

I tried w3schools but it didn't help and I tried other websites too. I just wanna make a short html script that sends an email to an email address, but I keep reloading my email inbox and nothing comes up. Can you help?
<form action="MAILTO:MY_EMAIL#yahoo.com" method="post" enctype="text/plain">
<input type="text" name="email" value="Email">
<input type="text" name="message" value="Message">
<input value="Submit" type="submit">
</form>

You need to use a server side script here. HTML alone won't help you here. HTML is just the frontend logic. You need some script on backend that accepts this data you submit and actually sends out an email. To take the example in PHP, assuming u have the server set up and all or that your shared
<form action="sendmail.php" method="post" enctype="text/plain">
<input type="text" name="email" value="Email">
<input type="text" name="message" value="Message">
<input value="Submit" type="submit">
</form>
sendmail.php
$email=$_POST['email'];
$message=json_encode($_POST);
$receiver="MY_EMAIL#yahoo.com";
$mailer="mailer#myservice.com";
mail($email,"Message for enquiry or whatever",$message, array("from"=>$mailer));

There were, at some point, browsers that supported forms of this type. However, they're all gone now -- you will need a server-side script to send email. It's impossible to do using HTML alone.

You are confusing a few things.
When you Submit a form, it goes from the client (browser) to your server, which acts upon it. The form action needs to be a URL which handles the request. The mailto: URI scheme is not a valid action to use.
You have two choices:
You can create a mailto: link like this:
Send email
which will open your default email client,
OR
You can put a URL corresponding to an end point on your server, something like
form action="/send/mail"...
and have your server send the email

I believe the easiest way to do this is using a service like Zapier or IFTTT. Both of them offer a way to create Zaps/Applets that can send an email when you post to a specific url.
This is what configuration would look like in IFTTT and Zapier .
IFTTT is simpler to setup, Zapier has more options, like sending to more than one emails. I believe IFTTT only lets you send to your account's email.