Add honeypot for newsletter signup forms #164

Merged
merged 2 commits into from
Feb 28, 2020

joshdarby

Changes

This pull request makes the following changes:

  • Adds a fake hidden name field to the newsletter signup forms to trick bots into filling it out so we know not to actually submit the form

Why

For #163

Testing/Questions

Features that this PR affects:

  • Newsletter subscription forms

Questions that need to be answered before merging:

  • Is this PR targeting the correct branch in this repository?
  • Does this cover all forms, or are some missing?

Steps to test this PR:

  1. Fill out a newsletter form as usual and make sure it submits successfully
  2. Reload, fill out a newsletter form as usual and unhide the hidden field and give it a value. Submit the form and make sure instead of a real submit success message, you just see Submitted.
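
The check described above, sketched as an added example that is not the project's code. The decoy field name `name`, the `email` field, `handleSignup` and the `subscribe` callback are assumptions, and the request bodies are constructed.

```javascript
// Added example; the field names and subscribe() callback are assumptions.
const HONEYPOT_FIELD = "name";     // decoy input hidden from sighted users
const DECOY_MESSAGE = "Submitted"; // generic text from the PR's test steps

// Constructed sample request bodies (not captured traffic).
const HUMAN_BODY = "email=reader%40example.org&name=";
const BOT_BODY = "email=spam%40example.net&name=Buy+now";
const REPEATED_BODY = "email=spam%40example.net&name=&name=x";

// Decide what to do with one form-encoded signup body.
// subscribe(email) stands in for the real newsletter provider call.
function handleSignup(rawBody, subscribe) {
  const params = new URLSearchParams(rawBody);

  // getAll() sees every copy of the decoy field, so a value smuggled into
  // a repeated parameter still trips the trap. Whitespace-only and absent
  // values count as empty, which keeps clients that omit the field working.
  const tripped = params
    .getAll(HONEYPOT_FIELD)
    .some((value) => value.trim() !== "");
  if (tripped) {
    // Same status as a real success and no provider call: the sender
    // gets no signal that the submission was dropped.
    return { status: 200, message: DECOY_MESSAGE, forwarded: false };
  }

  const email = (params.get("email") || "").trim();
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    return { status: 400, message: "Invalid email address", forwarded: false };
  }

  subscribe(email);
  return { status: 200, message: "Thanks for subscribing", forwarded: true };
}

// Run the constructed samples and report which addresses were forwarded.
function runSamples() {
  const forwarded = [];
  const results = [HUMAN_BODY, BOT_BODY, REPEATED_BODY].map((body) =>
    handleSignup(body, (email) => forwarded.push(email))
  );
  return { results, forwarded };
}
```

Enforcing the check where the request body is handled, rather than only in browser script, means a client that posts directly to the endpoint is filtered the same way.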

@joshdarby joshdarby requested a review from benlk February 28, 2020 15:13
@joshdarby joshdarby self-assigned this Feb 28, 2020
Collaborator

@benlk benlk left a comment

If we've got time, let's replace .uhohhoneypot with .visuallyhidden from Largo. Otherwise, this looks fine.

Comment on lines 199 to 207
.uhohhoneypot {
opacity: 0;
position: absolute;
top: 0;
left: 0;
height: 0;
width: 0;
z-index: -1;
}
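
Review bot: nothing in the .uhohhoneypot rule takes the field out of the tab order or the accessibility tree; opacity: 0 with zero height and width only hides it from sight, so a keyboard or screen-reader user, or browser autofill, can still put a value in it and receive the decoy response. Worth confirming that the input itself carries tabindex="-1" and autocomplete="off", and that its label tells a human to leave it empty.
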
Collaborator

Largo has a .visuallyhidden class that can be used here instead of adding our own.

Author

@benlk I figured Largo would have something like that, but wasn't sure if we should be concerned about using a class name with hidden in the name since I'm not sure if more advanced bots could detect that.

Collaborator

I'd go with whatever Mailchimp provides in its default form markup, since that's probably backed by a lot of research.

Author

e19e508 switches the fields to have the .visuallyhidden class

@joshdarby joshdarby merged commit c6328eb into master Feb 28, 2020