honeypot-captcha's People

Contributors

curtis, davetapley, dependabot[bot], randiem, sax, sunny, weynsee


honeypot-captcha's Issues

Autoloading Deprecation Warning

Describe the bug

Under Rails 6, the gem adds the following deprecation warning:

DEPRECATION WARNING: Initialization autoloaded the constants ActionText::ContentHelper and ActionText::TagHelper.

Being able to do this is deprecated. Autoloading during initialization is going
to be an error condition in future versions of Rails.

Reloading does not reboot the application, and therefore code executed during
initialization does not run again. So, if you reload ActionText::ContentHelper, for example,
the expected changes won't be reflected in that stale Module object.

`config.autoloader` is set to `classic`. These autoloaded constants would have been unloaded if `config.autoloader` had been set to `:zeitwerk`.

Please, check the "Autoloading and Reloading Constants" guide for solutions.
 (called from <top (required)> at /Users/sunny/code/cults/config/environment.rb:7)

To Reproduce

  1. Create a Rails 6.0.2.2 app:

    rails new honeypot-captcha-rails-example
    cd honeypot-captcha-rails-example
    rails test

    At this point there is no deprecation warning.

  2. Add the gem:

    echo "gem 'honeypot-captcha'" >> Gemfile
    bundle
    spring stop
    rails test

    The "DEPRECATION WARNING" message appears.

Incorrectly escaped HTML when honeypot_style_class is used

Describe the bug
When honeypot_style_class is overridden with a value:

def honeypot_style_class
  'classname'
end

the resulting form HTML contains invalid escaping, like this:

<form method="post"><input name="utf8" type="hidden" value="&#x2713;" /><div id="a_comment_body_hp_1549963167" class="classname">&lt;label for=&quot;a_comment_body&quot;&gt;Do not fill in this field&lt;/label&gt;&lt;input type=&quot;text&quot; name=&quot;a_comment_body&quot; id=&quot;a_comment_body&quot; /&gt;</div>

To Reproduce

  1. Override honeypot_style_class in your application as described

Expected behavior
Resulting HTML should not contain invalid escaping:

<form method="post"><input name="utf8" type="hidden" value="&#x2713;" /><div id="a_comment_body_hp_1549963127" class="classname"><label for="a_comment_body">Do not fill in this field</label><input type="text" name="a_comment_body" id="a_comment_body" /></div>

Can't find any version history, or why there was major version bump

Is your feature request related to a problem? Please describe.
We are in the process of reviving an old Rails 3 app on the latest stack, so we are going through all gems to update them and replace those that need replacing.
In this gem, I was looking for a history.md or at least release notes of some sort. I understand there has been very low activity on this and that it got a 1.0 release after almost 9 years without a release.

We are on v0.x and would like to have some reference on why there is a major version bump and whether there is anything we need to change, or whether this drops support for any older Ruby/Rails versions that we should be aware of.

Describe the solution you'd like
A history.md file with any major changes mentioned, and a mention of the supported Ruby+Rails versions in the README. And follow this for future releases.

Describe alternatives you've considered
n/a

Additional context
n/a

The filter can be bypassed by just not including the honeypot field

The honeypot field needs to be present in the POST request

To Reproduce
Steps to reproduce the behavior:

  1. Submit the form without the honeypot field
  2. You've dodged the spam filter

Expected behavior
If the field is not present, the filter should be triggered. I installed the gem honeypot-captcha but bots were still sending spam. Presumably they have the POST request stored somewhere prior to using the honeypot and are bypassing the filter without any effort.
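
The difference between a check that only reacts to a filled-in field and one that also requires the field to be present, as an added example in plain Ruby (not the gem's code). The field name `a_comment_body` comes from the form HTML quoted on this page; the method names and sample submissions are hypothetical.

```ruby
# Added example: plain Ruby, no Rails. Method names are hypothetical.
HONEYPOT_FIELDS = ['a_comment_body'].freeze

# Models the behaviour the issue reports: only a filled-in field trips the
# filter, so a request that leaves the field out is accepted.
def lenient_spam?(params)
  HONEYPOT_FIELDS.any? { |f| !params[f].to_s.strip.empty? }
end

# Stricter check: every honeypot field must be present, be a String
# (not an array or nested hash), and be empty.
def strict_spam?(params)
  HONEYPOT_FIELDS.any? do |f|
    value = params[f]
    !params.key?(f) || !value.is_a?(String) || !value.strip.empty?
  end
end

# Constructed sample submissions.
BROWSER = { 'comment' => 'Nice post', 'a_comment_body' => '' }.freeze
FILLED  = { 'comment' => 'Buy now',   'a_comment_body' => 'Buy now' }.freeze
OMITTED = { 'comment' => 'Buy now' }.freeze

# Runs one of the two checks over all three samples, in the order above.
def verdicts(check)
  [BROWSER, FILLED, OMITTED].map { |p| send(check, p) }
end

if __FILE__ == $PROGRAM_NAME
  puts "lenient: #{verdicts(:lenient_spam?).inspect}"
  puts "strict:  #{verdicts(:strict_spam?).inspect}"
end
```

A presence requirement only makes sense on actions whose form actually renders the honeypot field; any other POST to the same controller will lack the field and be rejected.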

No extra fields appear in the HTML source

Hello,

I used your gem on a form_for helper, following the instructions in the README (installed the gem and added "honeyput : :true" in the HTML options hash). I went to check the source code of my form page, expecting to find extra fields in the form, but I didn't find any.

How do I know that everything worked well then?

Thank you :)
Amina

Rails 5: Deprecation Warning

Got the following warning after upgrading application to rails 5.0

DEPRECATION WARNING: alias_method_chain is deprecated. Please, use Module#prepend instead. From module, you can access the original method using super. (called from module:FormTagHelper at /Users/user/.rvm/gems/ruby-2.3.1@gemset-rails5/bundler/gems/honeypot-captcha-94cea0485ad9/lib/honeypot-captcha/form_tag_helper.rb:18)

Handle invalid byte sequence in UTF-8

I noticed an exception being raised when a bot submits text with entities/emoji etc.

Here's the log:

ArgumentError (invalid byte sequence in UTF-8):
lib/active_support/core_ext/object/blank.rb:128:in `blank?'
lib/honeypot-captcha.rb:18:in `block in protect_from_spam'

Here's some of the submitted text:

\xED\xA0\xBD\xED\xB1\x8B Hey,\r\n\r\n\r\nDo you know that workflows are taking over 99% of all AI tools… \xED\xA0\xBD\xED\xB4\x84\xED\xA0\xBD\xED\xB2\xA1\r\n\r\n\r\nYes,\r\nWith marketing workflows, you can do more, better, and faster. You can connect all your tasks and let them run smoothly, like a well-oiled machine.

Could we handle that so exceptions aren't raised?
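
One way to evaluate a honeypot value without raising on malformed input, as an added example in plain Ruby (not the gem's code; all method names are hypothetical). The bytes `\xED\xA0\xBD\xED\xB1\x8B` in the quoted submission are a surrogate pair encoded half by half, which is not valid UTF-8, so the value is scrubbed before any pattern matching.

```ruby
# Added example: plain Ruby, no Rails; all method names are hypothetical.
BLANK_RE = /\A[[:space:]]*\z/

# Regexp-based blank test of the kind the stack trace points at.
# Matching a regexp against a String with broken UTF-8 raises ArgumentError.
def naive_state(value)
  BLANK_RE.match?(value) ? :blank : :filled
rescue ArgumentError
  :raised
end

# Encoding-safe triage of one honeypot value. Anything other than :blank
# should be treated as a bot submission.
def honeypot_state(value)
  return :missing if value.nil?
  raw = value.to_s.dup.force_encoding(Encoding::UTF_8)
  clean = raw.scrub # invalid bytes become U+FFFD, so matching cannot raise
  return :blank if BLANK_RE.match?(clean)
  raw.valid_encoding? ? :filled : :filled_malformed
end

# Log-safe rendering: never raises and never emits raw invalid bytes.
def log_preview(value, limit = 24)
  value.to_s.dup.force_encoding(Encoding::UTF_8).scrub('?')[0, limit]
end

# First bytes of the submission quoted in the issue, then constructed cases.
SAMPLES = ["\xED\xA0\xBD\xED\xB1\x8B Hey,", '', " \r\n", 'Buy now'].freeze

def states
  SAMPLES.map { |s| honeypot_state(s) }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    puts "#{log_preview(s).inspect}: naive=#{naive_state(s)} safe=#{honeypot_state(s)}"
  end
end
```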

Can you include instructions for the controller as well?

I was able to figure it out by reading the source code, but it would have been nice if it was listed in the README.

Place the following before_filter in the controller to which your form is submitting.

before_filter :protect_from_spam

Thanks
