I am very wary of relying on CSS to hide a field the user is never supposed to see. I have on more than one occasion seen an "invisible" error message displaying inappropriately because there was a failure to load or interpret the CSS.
For including a hidden field in a form that only bots will fill out, I like to start with a commented-out field, with a nice irresistible fieldname such as url. This right away gets rid of about 90% of spam submissions and does not appear to have any accessibility side effects.
Genny Engel
Sonoma County Library
[log in to unmask]
707 545-0831 x581
www.sonomalibrary.org
-----Original Message-----
From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Erin R White/FS/VCU
Sent: Monday, October 24, 2011 7:47 AM
To: [log in to unmask]
Subject: Re: [CODE4LIB] web spam block less awful than Captcha?
I'll second Dre's method here. We've used it with great success on our
mobile website - it adds zero effort for users and we've had maybe one
false positive since March 2010.
The field is input type="text" with CSS hiding it and its label from
display. From my extensive googling it like as of JAWS 10 (released 2009),
elements hidden by CSS aren't read, but I'm not sure about support from
other readers. I'm assuming some kind of "skip" mechanism will be built in
to WAI-ARIA too.
<label for="spam_city" class="hidden">Spam catcher - do not complete this
field</label>
<input type="text" name="spam_city" class="hidden" />
--
Erin White
Web Applications Developer, VCU Libraries
804-827-3552 | [log in to unmask] | http://library.vcu.edu/
From: Ken Irwin <[log in to unmask]>
To: [log in to unmask]
Date: 10/24/2011 10:35 AM
Subject: Re: [CODE4LIB] web spam block less awful than Captcha?
Sent by: Code for Libraries <[log in to unmask]>
This is an intriguing approach, Dre. I wonder how to render this
non-problematic for folks with screen-readers too. You could just say
"leave this field blank" but that's sort of weird too. Is there a WAI-ARIA
approach that would get screen readers to hide this field too?
I'm looking into Mollom too -- looks like that could work in a few areas
of our site.
Thanks all!
Ken
-----Original Message-----
From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of
Andreas Orphanides
Sent: Monday, October 24, 2011 10:13 AM
To: [log in to unmask]
Subject: Re: [CODE4LIB] web spam block less awful than Captcha?
Here's a method that's by no means foolproof but is practically zero cost
(you may be using a version already). Disclaimer -- I have not actually
tested this to any extent:
Include a text input field in your form that needs to be blank for the
form to validate in the back end. Keep the field hidden with CSS (or
z-indexed behind another element, size set to zero, etc). Users will never
see it, so their forms will validate; I doubt that most spambots are
sophisticated enough to check whether a form field is hidden or obfuscated
before filling it in. Then silently reject submissions with that field
filled.
I am not sure whether this would cause any problems with tab navigation,
screen readers or other assistive technologies, but you may be able to do
something to sidestep those issues.... On the other hand, captcha brings
its own host of accessibility problems.
One other disadvantage is that this might be hard to implement in a
CMS-based form plugin. But if you're coding forms the old-fashioned way,
it's worth a shot.
-dre.
|