curtis / honeypot-captcha
A simple way to add honeypot captchas in your Rails forms.
Home Page: http://rubygems.org/gems/honeypot-captcha
License: MIT License
Hi,
could you add support for simple_form and formtastic gems?
Describe the bug
Under Rails 6, the gem adds the following deprecation warning:
DEPRECATION WARNING: Initialization autoloaded the constants ActionText::ContentHelper and ActionText::TagHelper.
Being able to do this is deprecated. Autoloading during initialization is going
to be an error condition in future versions of Rails.
Reloading does not reboot the application, and therefore code executed during
initialization does not run again. So, if you reload ActionText::ContentHelper, for example,
the expected changes won't be reflected in that stale Module object.
`config.autoloader` is set to `classic`. These autoloaded constants would have been unloaded if `config.autoloader` had been set to `:zeitwerk`.
Please, check the "Autoloading and Reloading Constants" guide for solutions.
(called from <top (required)> at /Users/sunny/code/cults/config/environment.rb:7)
To Reproduce
Create a Rails 6.0.2.2 app:
rails new honeypot-captcha-rails-example
cd honeypot-captcha-rails-example
rails test
At this point there is no deprecation warning.
Add the gem:
echo "gem 'honeypot-captcha'" >> Gemfile
bundle
spring stop
rails test
The "DEPRECATION WARNING" message appears.
It seems like the form field has disappeared once I upgraded.
Describe the bug
When honeypot_style_class is overridden with a value:
def honeypot_style_class
'classname'
end
the resulting form HTML contains invalid escaping, like this:
<form method="post"><input name="utf8" type="hidden" value="✓" /><div id="a_comment_body_hp_1549963167" class="classname"><label for="a_comment_body">Do not fill in this field</label><input type="text" name="a_comment_body" id="a_comment_body" /></div>
To Reproduce
Expected behavior
Resulting HTML should not contain invalid escaping:
<form method="post"><input name="utf8" type="hidden" value="✓" /><div id="a_comment_body_hp_1549963127" class="classname"><label for="a_comment_body">Do not fill in this field</label><input type="text" name="a_comment_body" id="a_comment_body" /></div>
Is your feature request related to a problem? Please describe.
We are in a process to revive an old rails 3 app to latest stack, so we are going through to update all gems and replace which needs replacement for this.
In this gem, I was looking for history.md or at least release notes of some sort. I understand there has been very low activity on this and it got release 1.0 after almost 9 years of no release.
We are on v 0.x, we would like to have some reference on why there is major version bump and if there is anything we need to change. Or if this drops support for any older ruby/rails versions etc which we should be aware of.
Describe the solution you'd like
A history.md file with any major changes mentioned. And mention supported ruby+rails versions in readme. And follow this for future releases.
Describe alternatives you've considered
n/a
Additional context
n/a
The honeypot field needs to be present in the POST request
To Reproduce
Steps to reproduce the behavior:
Expected behavior
If the field is not present, the filter should be triggered. I installed the gem honeypot-captcha but bots were still sending spam. Presumably they have the POST request stored somewhere prior to using the honeypot and are bypassing the filter without any effort.
Hello,
I used your gem on a form_for helper, following the instructions in the README (installed the gem and added "honeyput : :true" in the HTML options hash). I went to check the source code of my form page, expecting to find extra fields in the form, but I didn't find any.
How do I know that everything worked well then ?
Thank you :)
Amina
We have forms being submitted with "\n" values in our honeypot fields (which are just the default a_comment_body). These are not properly being caught in the protect_from_spam method. It looks like this is because "\n".blank? returns true: https://github.com/curtis/honeypot-captcha/blob/master/lib/honeypot-captcha.rb#L18.
Can we get a modification to that function to check for parameter length as well?
Hi,
Is it possible to put the <style> tag in the <head> of the document?
Got the following warning after upgrading application to rails 5.0
DEPRECATION WARNING: alias_method_chain is deprecated. Please, use Module#prepend instead. From module, you can access the original method using super. (called from module:FormTagHelper at /Users/user/.rvm/gems/ruby-2.3.1@gemset-rails5/bundler/gems/honeypot-captcha-94cea0485ad9/lib/honeypot-captcha/form_tag_helper.rb:18)
I noticed an exception being raised when a bot submits text with entities/emoji etc.
Here's the log:
ArgumentError (invalid byte sequence in UTF-8):
lib/active_support/core_ext/object/blank.rb:128:in `blank?'
lib/honeypot-captcha.rb:18:in `block in protect_from_spam'
Here's some of the submitted text:
\xED\xA0\xBD\xED\xB1\x8B Hey,\r\n\r\n\r\nDo you know that workflows are taking over 99% of all AI tools⦠\xED\xA0\xBD\xED\xB4\x84\xED\xA0\xBD\xED\xB2\xA1\r\n\r\n\r\nYes,\r\nWith marketing workflows, you can do more, better, and faster. You can connect all your tasks and let them run smoothly, like a well-oiled machine.
Could we handle that so exceptions aren't raised?
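The three reports above (a POST that omits the honeypot field, a "\n" value that passes because "\n".blank? is true, and an ArgumentError on invalid UTF-8) all turn on how the filter decides a honeypot field is untouched. The following is an added example in plain Ruby, not the gem's code: it treats only a present, exactly empty string as untouched. The names honeypot_verdict and naive_untouched? are hypothetical, and the sample submissions are constructed.

```ruby
# Added example: plain Ruby, no Rails. Not the gem's implementation.
# "a_comment_body" is the default honeypot field name quoted on this page;
# honeypot_verdict and naive_untouched? are hypothetical names.
HONEYPOT_FIELDS = %w[a_comment_body].freeze

# Whitespace-insensitive emptiness test, standing in for String#blank?.
# It treats "\n" as untouched, which is the gap reported above.
def naive_untouched?(value)
  value.nil? || value.to_s.strip.empty?
end

# Returns :ok only when every honeypot field is present and exactly empty.
def honeypot_verdict(params, fields = HONEYPOT_FIELDS)
  fields.each do |name|
    # A browser submits an empty text input as "", so the key is always there;
    # a replayed request recorded before the honeypot existed lacks it.
    return :missing unless params.key?(name)

    value = params[name]
    # Arrays/hashes (a_comment_body[]=x) are never what the hidden input sends.
    return :not_a_string unless value.is_a?(String)

    # bytesize counts raw bytes and never decodes characters, so whitespace
    # counts as input and invalid UTF-8 cannot raise ArgumentError here.
    return :filled unless value.bytesize.zero?
  end
  :ok
end

# Constructed sample submissions.
SAMPLES = {
  human:        { "a_comment_body" => "", "comment" => "Nice post" },
  newline_only: { "a_comment_body" => "\n", "comment" => "spam" },
  replayed:     { "comment" => "spam" },
  bad_utf8:     { "a_comment_body" => "\xED\xA0\xBD Hey", "comment" => "spam" },
  array_value:  { "a_comment_body" => ["x"], "comment" => "spam" }
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |label, params| puts "#{label}: #{honeypot_verdict(params)}" }
end
```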
I was able to figure it out by reading the source code, but it would have been nice if it was listed in the README.
Place the following before_filter in the controller to which your form is submitting.
before_filter :protect_from_spam
Thanks