[Debugging] analyze the validation rules for comments submitted by the blog site

Today, I accidentally discovered that I have opened multiple posts in the blog park at the same time.ArticleIf you submit comments with the same content in different articles in a short time, the system will prompt"This comment has been posted!". At first, I felt that this was a bug. After all, there were no identical comments in the same article. After repeated tests, you can find through fiddler that the prompt message is returned by addcomment in http://www.cnblogs.com/ws/commentservice.asmx:

 
// {"D": {"_ type": "blogserver. web. WS. returnvalue "," issuccess ": false," commentid ": 0," returndata ":" This comment has been posted! "}}
 

From the method in the pageCodeIn the Annotations:

$. Ajax ({URL: '/WS/commentservice. asmx/addcomment ', data: $. tojson (comment), type: "Post", datatype: "JSON", contenttype: "application/JSON; charset = utf8", success: function (data) {If (data. d) {If (data. d ["issuccess"]) {var dt = (new date ()). gettime ()-startdate; showcommentmsg ("thank you for your reply :)" + "submission time consumed" + dt + "millisecond"); // rereshcomments2 (comment. parentid); $ ("# tbcommentbody "). val (''); $ (" # divcommentshow ").html ($ (" # divcommentshow ").html () + data. d ["returndata"]); // $ ("# divcommentshow" ).html (data. d ["returndata"] + content. replace (/\ n/g, "<br/>") + "<br/>"); commentnotify (data. d ["commentid"]);} else {// The prompt message showcommentmsg (data. d ["returndata"]); $ ("# span_comment_posted" ).html ('');}

It can be found that the "issuccess" and "returndata" attributes in the returned information determine the prompt. This seems to be a restriction intentionally added by the blog Park in the background. The logic is like:You cannot submit comments with the same content for a period of time, regardless of whether the same article is used.In other words, even comments with the same content can be submitted repeatedly in the same article as long as the interval is long enough. In the same article, the following restrictions apply:

 
If ($ ("# span_comment_posted" ).html ()! = ''& $ (" # Span_comment_posted "pai.html () = content) {alert (" this comment has been posted! "); Return ;}
 

This script determines that the same comment cannot be submitted repeatedly for the same article, but this logic cannot prevent the same comment from being submitted repeatedly. From the perspective of preventing malicious screen flushing, this restriction should be reasonable, but the same page already hasAlert ("this comment has been posted! ");Restriction. If this prompt is changed"The same comment cannot be submitted within XXX seconds!"It is more intuitive and ambiguous.

Based on all the previous analyses, we will summarize the implementation of comment verification rules in the blog Garden:
First, compare the content cached by span_comment_posted on the client to determine whether the same comment has been submitted consecutively. Then, the client sends a prompt via alert, the span_comment_posted content does not make sense after the page is refreshed or switched to another page. Therefore, this verification is only effective on the same page and no manual refreshing is performed.
Second, in the background commentservice, the same content cannot be submitted continuously within a period of time (as if it was 60 seconds. This method is reliable. Whether or not the page is refreshed or not, verification rules are not affected.
Finally, it seems that the commentservice will prompt"Comments are submitted too frequently! "The implementation method should be the same as that of the former.

The overall feeling is that the validation rules of the blog Park are still relatively complete. Besides the prompts mentioned above, they are not accurate and there are no good comments for the time being,If you have any better comments, let's discuss them together.