Is there a way to differentiate between a JavaScript click and a real user click

I have a JavaScript click event bound to an anchor link that submits user data on click via Ajax. This link doesn't actually go anywhere, it's just an Ajax post.

The problem is that the user can write a script to rapidly spam submission. Is开发者_JS百科 there a way to disallow JavaScript from triggering the click event.

I can put a flood control on it, bit I can't use one that's too egregious without destroying the chat room functionality.

The problem is that the user can write a script to rapidly spam submission

AFAIK you will not be able to differentiate between a javascript click and user click.

The best thing will be to validate the data that is getting submitted.

If you really want to have some validation to stop automation submissions you can add the image checks which all websites does.

User has to enter the image which he sees to proceed furthur, i don't know the techincal name for that image.

It can stop the user automated jobs

If your intention is to prevent users from doing harmful things, it's a very bad idea to do the checks on the client side. There's always a way around it. The only reliable way is to check on the server.

You could simply have two variables per user: a spam score and a timestamp of the last post. Whenever the user posts a new message, calculate how much time has passed since his last message and lower the score a bit for each second, but increase it by a fixed value for every message sent. Once it reaches a threshold, deny new messages until it decreases again.

You could check the event.which property, which should contain a key (for mouse, it is usually 1, 2 or 3) code for the key pressed. If that property does not exist, then it is likely that it is a JavaScript click event instead of a user mouse click.

if (event.which != null) {
    // likely was user click
}