Sitekit Forums
Developer Discussion - CAPTCHA
James Bentley
Posted on 14 August 2014
James Delaney
AdminPosted on 19 August 2014
That's a great suggestion James.
We are currently looking at an alternative CAPTCHA option that requires no human input and instead looks to trick SPAM bots into failing a validation test. Although this may not make it into the next release due this year, CAPTCHA and form handling are areas we are actively looking to improve.
Thanks again for the suggestion and do keep them coming.
James Bentley
Posted on 19 August 2014
Thanks James - great to hear.
Is there anything that can be done in the meantime? It seems increasingly common for CAPTCHA fields to at least let you refresh the image if you can't read the numbers but obviously the Sitekit default doesn't let you do this.
A couple of times I've had to fudge a solution with a refresh button, but unfortunately this refreshes the whole page, so I'm having to put the CAPTCHA at the start of the form rather than the end (as some browsers reset forms on page refresh and I don't want to frustrate people who have already completed the form but can't read the CAPTCHA).
Example: http://www.uhb.nhs.uk/customer-care-awards.htm
Obviously this isn't ideal, and we could do with CAPTCHA on more of our forms. Being able to plug in reCAPTCHA, for example, would be massively useful.
James Delaney
AdminPosted on 19 August 2014
In the short term, I'd probably have to suggest implementing your form on a blank page and displaying it on the parent page within an iframe. At least then your refresh trigger would only appear to refresh the form.
Also, a hardcoded form would technically allow you to use reCaptcha but you would lose the administrative editing and management provided by the CMS.
I'll raise this with colleagues. They may be able to suggest a better alternative.
James Bentley
Posted on 19 August 2014
I haven't tried it yet, and maybe I'm missing something, but wouldn't the iframe suggestion incur the same issue? It's refreshing the page containing the form which is the problem. Surely you're still effectively refreshing the page which contains the form even if said page is embedded into another using an iframe (which I'd rather avoid anyway), and therefore anything already entered into the form will disappear when it's refreshed?
As regards reCAPTCHA (or any other viable solution which achieves a better outcome than the current default), yes, I'd hate to lose the form management features offered by the CMS as this would involve me stepping outside my HTML/CSS/jQuery(ish) comfort zone.
James Delaney
AdminPosted on 20 August 2014
Yes, unfortunately it would mean losing any entered content.
Our anti-spam feature is in development, hopefully it will make it into the next version. If not, we can look at the feasibility of plugging in alternative CAPTCHA methods.
James Bentley
Posted on 20 August 2014
In that case I'll leave it - it's not refreshing the page I have a problem with as such, though this isn't ideal. Rather, it is the issue of losing the form's entered content.
I look forward to seeing an alternative soon.