New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RFC] Hide captcha field for users and add honeypot field #832
[RFC] Hide captcha field for users and add honeypot field #832
Conversation
Awesome, thank you @ausi. |
|
||
<?php if (!$this->hasErrors()): ?> | ||
<div style="display:none"> | ||
<label for="ctrl_<?= $this->id ?>_hp">Do not fill out this field</label> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In English should be fill in this field
and I wonder if we should translate it anyway for screenreaders? Also I wonder if there's some WAI-ARIA directive to improve usability for handicapped people.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the PR wasn’t completely finished, thats why I added [RFC], not [RTM] :)
Because there is a display:none
div directly around it, no user and no screenreader user will see that in 99.9999% of cases.
But yes, we should change it to Do not fill in this field
and translate it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With display:none
, the message will never be read out by screen readers. We do not need to translate it therefore.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed in 820ea42.
@leofeyer should we restructure |
Followup: #835 |
@ausi Does this new function replace your anti-spam-extension? In other words, is it the same? |
It works with the same principles: time check, JS check and a honeypot field. So I think it should offer the same protection. The biggest difference to the anti-spam extension is the naming of the honeypot field I think. The extension tries to use very attractive names, but this can have conflict problems with other fields in the form. |
We could improve the new feature like "if there is no field named Does this make sense? And is it worth the effort? |
The "if there is no email" does not work reliably. You could determine that in the loadFormField hook in case of the form generator but the captcha is used elsewhere too. Like comments form or whatever the developers did directly with that widget. I think the honeypot field is going to work anyway. |
With these changes we would achieve the following: