Banning Certain Email Addresses From Your Forms
Certain email addresses can be banned before the form is submitted. In other words, you don't need to modify the software that the form submits to.
This can come in handy if you keep getting bothered by a certain person using your form in a manner inconsistent with civility. It's easy to add or remove email addresses to ban, or to ban all email addresses @ a specific domain name.
The functionality requires JavaScript.
Here is how it works:
-
In an unpublished div (CSS style
display:none;
), you type in the email addresses to be banned. -
When the button is tapped to submit the form, JavaScript checks to see if any of the email addresses are used in the form's email field.
- If there is a match, the form is prevented from submitting.
- If there is no match, the form is allowed to continue submitting.
Emails can be banned by complete email address (ie, name@example.com
) or by domain name (ie, example.com
).
If banned by domain name, any subdomain will also be banned. That's because domain name matching begins at the right. All of these would match when example.com
is banned.
example.com
coinexample.com
books.example.com
books.coinexample.com
Email addresses are case-insensitive. Capital letters are converted to lower-case letters before matches are tested.
An aside: Instructions for it are outside the scope of this article, but I want to mention that some modification of the technique used to ban email addresses without updating the form processing software could be implemented for banning certain words or phrases from individual form text fields.
Giving Your Form Email Banning Functionality
There are 3 steps:
-
Create a CSS style
display:none;
div on the web page with the form to contain the email addresses to be banned. -
Publish JavaScript (provided below) on the web page with the form.
-
Tweak the form to hook it up to the JavaScript.
Creating div
to Contain Banned Email Addresses
The div with your banned email addresses is designed to make it as easy as possible to insert and removed addresses as needed.
There is no JavaScript within this div. Simply type in the addresses or delete addresses already there.
The div has an id="banned-emails-list-div"
attribute so the JavaScript can find the addresses and a CSS style display:none;
to prevent the div from being published in the browser window.
Here is the div with 2 example email addresses to ban.
<div id="banned-emails-list-div" style="display:none;">
one@two.com
example.com
</div>
Email addresses can be the entire address to ban or it can be a domain name so all addresses at that domain are banned. To specify a complete email address match, include @
in the email address. To specify a domain name match, do not include the @
character.
Email addresses/domain names may be on the same line or on multiple lines. If more than one email address/domain name is put on a line, separate them with a space and/or a comma.
If the id value banned-emails-list-div
is changed, there is a place in the JavaScript where the corresponding change needs to be made. That's so the JavaScript knows the identification of the div.
Publish the banned email addresses div anywhere in the source code of the web page, so long as it is somewhere between the <body…>
and cancel </body>
tags.
The JavaScript
Past the JavaScript somewhere on the page, anywhere that JavaScript can go. Immediately above the cancel </body>
tag is good if you don't have somewhere else you prefer it to be.
Here is the JavaScript code. There are two places to edit, which are mentioned below the code.
<script type="text/javascript"> /* Check Banned Email List Version 1.0 October 19, 2019 Will Bontrager Software LLC /* function CheckBannedEmailList() { var IDofEmailListDiv = "banned-emails-list-div"; var IDofEmailField = "email-field"; var addy = document.getElementById(IDofEmailField).value.replace(/^[\s\,]*/,""); addy = addy.replace(/[\s\,]*$/,""); addy = addy.toLowerCase(); var addylength = addy.length; if( ! addy.length ) { return true; } var s = document.getElementById(IDofEmailListDiv).innerHTML.replace(/^[\s\,]*/,""); s = s.replace(/[\s\,]*$/,""); s = s.toLowerCase(); var list = s.split(/[,\s]+/); var len = list.length; for( var i=0; i<len; i++ ) { if( list[i].match(/\@/) ) { if( list[i] == addy ) { return false; } continue; } var ndx = addy.indexOf(list[i]); if( ndx < 0 ) { continue; } if ( (ndx+list[i].length) == addylength ) { return false; } } return true; } </script>
Customization notes —
At about lines 9 and 10, you'll see these two lines of JavaScript code.
var IDofEmailListDiv = "banned-emails-list-div"; var IDofEmailField = "email-field";
banned-emails-list-div
is the id value of the div with your banned email addresses. If you changed the div's id, then the banned-emails-list-div
value needs to be changed accordingly.
email-field
represents the id value of the form field where the form user types in the email address. Change email-field
to the id value of that form field. If the form field does not yet have an id value, give it one.
Hooking Up the Form
To hook up the form to the JavaScript insert an onsubmit attribute into the form's form tag (colored blue in this example).
<form onsubmit="return CheckBannedEmailList()" method="post" action="script.php">
The form should then check the email address in the email address field against the email addresses/domains you have banned. If there is a match, the form should not submit. Otherwise, the form should submit normally.
If it is inconvenient to insert the attribute into the form's form tag, there is an alternative.
The alternative method to hook up the form to the JavaScript is to insert an onclick attribute into the form's submit button tag (colored blue in this example).
<input type="submit" onclick="return CheckBannedEmailList()" value="Tap Me">
That works when the submit button is clicked, but is unlikely to work when the form is submitted in other ways, like hitting the "Enter" key of one-text-field forms.
Functionality implementation has now been completed.
Whenever someone (or you, while testing) types in a banned email address or an email address with a banned domain, the form won't submit. Otherwise, the form works as expected.
(This article first appeared with an issue of the Possibilities newsletter.)
Will Bontrager