Comments (8)
OK, thanks for that @markets.
RefineryCMS has some "sanitization" code that strips out various html elements and attributes. Since style
and media
were not whitelisted, they were being stripped. For refinerycms users who are experiencing the same issue, you'll need to update config/initializers/refinery/pages.rb
and add the following lines:
config.add_whitelist_elements << 'style'
config.add_whitelist_attributes << 'media'
of course, this may open you up to malicious css hacks if your site accepts surfer input
from invisible_captcha.
My guess is that the gem simple_form_for
is somehow modifying the html for the form in such a way that the styling that would ordinarily keep the invisible_captcha
invisible is being stripped/altered. If you aren't already aware of this, you can press ctrl-u (or whatever the mac equivalent is) in most browers to see the actual source HTML code that is sent to the browser before any javascript starts changing it. You'll want to check that the css that (I believe) invisible_captcha
uses is also loading on the page in question and that those styles are not being overridden by other styles. Pressing ctrl-shift-c will reveal the inspector in most browsers which you can use to check many things. Good luck.
from invisible_captcha.
@charlesdeb @markets thank you both for your suggestions! I'll keep investigating in that direction...
from invisible_captcha.
Hi @charlesdeb and thanks for trying Invisible Captcha! Your usage seems fine, didn't see anything wrong with your shared snippets. Also the generated HTML seems the expected by the helper call. Perhaps your browser or your CSS are interfering here? Could you please share your Rails version, Invisible Captcha version and your custom settings (if any)?
from invisible_captcha.
I'm on rails 4.2.9, using invisible_captcha 0.12.0 and no custom settings. I am running it with refinery-cms 3.0.5 and bootstrap 4.0.0.alpha6. Yes, something is monkeying with the css styles. Assuming there is nothing weird about the rails versions, I will dig into what could be causing the contents of the html style tag to actually display as text in the page.
from invisible_captcha.
Hey @charlesdeb I'm using Invisible Captcha in several Rails apps, actually, one of them is running almost same versions (Rails 4.2.11, Invisible Captcha 0.12.0 and even Bootstrap 4.1.3) and it works fine.
I just checked locally in a fresh Rails 4.2 app, and I can't reproduce this behavior you're seeing in your app. Also, tests and demo app, are working fine under Rails 4.2 . So yes, I'd say that's something related to your environment (css, js, browser extensions, other plugins ...).
Please keep in touch, would be interesting to know what's causing this.
from invisible_captcha.
Hi @markets! Hope it's ok to write here (pretty new to web dev :) ), as I am facing a similar issue: the invisible captcha field is blocking as it should, but is also visible.
The view:
<%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
<div class="form-inputs">
<%= f.input :email, required: false, autofocus: true %>
<%= f.input :password, required: false %>
<%= invisible_captcha :subtitle %>
<%= f.input :remember_me, as: :boolean if devise_mapping.rememberable? %>
</div>
The controller:
invisible_captcha only: :create, honeypot: :subtitle, on_spam: :your_spam_callback_method
private
def your_spam_callback_method
redirect_to root_path
end
Rails version: 5.1.4
Invisible Captcha version: 0.12.1
Only custom setting, I have slightly changed the wording for config.sentence_for_humans
I am not using RefineryCMS.
Do you have any idea about why this could be happening?
Thank you!
from invisible_captcha.
Hi @RMonteR and thanks for trying this gem!
Usually it's better to open new issues for new problems/questions, this one was closed by #45 (comment), so we can safely say this is totally unrelated to "your problem".
For more SimpleForm things, check this issue: #34, still open with no info to take a decision...
As @charlesdeb commented above, you should check the styles via a web inspector, maybe another gem or js library is overriding the invisible_captcha
styles. From invisible_captcha
code, the only thing that makes the honeypot visible is the visual_honeypots
option (which is false
by default).
from invisible_captcha.
Related Issues (20)
- Adding recaptcha to handle the chrome auto fill bug HOT 5
- Undefined method remote_ip HOT 1
- Tips when used together with Sorcery gem. HOT 1
- By using I18n.with_locale(..) in app_controller action is not called HOT 3
- IP spinner validation when forms are added with JS HOT 1
- Timestamp validation when forms are submitted with JS HOT 1
- Option with dynamic honeypot (collection of default honeypots) does not use scope HOT 1
- Submit form on multi tabs HOT 3
- Potential spam detected for IP 127.0.0.1. Invisible Captcha spinner value mismatch HOT 2
- Markup not valid when run through HTML validator HOT 6
- Each spinner should have a unique HTML ID
- `#honeypot_spam?` does not use `:scope` option if `:honeypot` option is not also set. HOT 1
- InvisibleCaptcha::ControllerExt honeypot attribute ActiveSupport::Notifications dispatches an `invisible_captcha.spam_detected` event test is failing now HOT 10
- Edge case with scope changes in 2.1.0
- It's difficult to write tests HOT 3
- [Invisible Captcha] Potential spam detected for IP 127.0.0.1. Timestamp not found in session. HOT 13
- Captcha field visible in Rails 7.1 HOT 5
- Logic bug regarding spinner-based protection HOT 4
- Chrome sometimes autofilling "subtitle" honeypot HOT 11
- New feature: Spam-Filtering on Post requests only HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from invisible_captcha.