Using Anti Spam Fields in Enterprise Forms - BloomReach Experience - Open Source CMS

This article covers a Hippo CMS version 12. There's an updated version available that covers our most recent release.

14-09-2017

Using Anti Spam Fields in Enterprise Forms

Enterprise Forms provides an Anti Spam field, which can be configured as either a Slider or a Honeypot field.

Slider

When an Anti Spam field is configured as Slider, the idea is that the site renders a slider (or another front-end widget), which dynamically (through Javascript) adds a name-value pair to the to-be-protected form. Upon submission of the form, the back-end applies the Slider's validation rule, which requires the Slider field to be present and non-empty.

The Enterprise Forms demo project includes an "Anti-Spam Form" with a Slider, which uses a jQuery-based slider widget. Consult the relevant demo templates to see how the demo project supports Anti Spam fields of type Slider.

Honeypot

When an Anti Spam field is configured as Honeypot, the idea is that the field is rendered invisible, such that normal (human) users do not see it and don't fill in a value. Upon submission of the form, the back-end applies the Honeypot's validation rule, which requires the Honeypot field to be empty.

The Enterprise Forms demo project includes an "Anti-Spam Form" with a Honeypot, which is rendered with the specified custom CSS class (which would typically trigger a CSS display:none value), or a style="display:none" attribute if no custom CSS class is specified. Consult the relevant demo templates to see how the demo project supports Anti Spam fields of type Honeypot.

Note that when using Anti-spam fields in your project's forms, your project should at least have dedicated support for the Slider type of field (because its validation rule requires a non-empty value). Not supporting the Honeypot type of field will work, but may produce a false sense of protection, because when the field is not added to the form's DOM, it has no protective effect at all.

Disabling Anti Spam fields

By default, the Anti Spam field type is shown in the CMS' form editor, so it can be added to new or existing form documents. If your project does not wish to support this field type, we recommend to disable it in order to avoid building broken forms or creating a false sense of protection (see Note above). The Anti Spam field type (or any other field type) can be disabled in the repository-based configuration of the Enterprise Forms document type (eforms:form). In the Console, navigate to

/hippo:namespaces/eforms/form/editor:templates/_default_/root/cluster.options

and add the following value to the multi-valued String-property field.exclude:

com.onehippo.cms7.eforms.cms.fields.AntiSpamField

In order to automatically roll out this change into a production environment, add a YAML definition with an add operation to your project's repository-data-application module:

definitions:
  config:
    /hippo:namespaces/eforms/form/editor:templates/_default_/root/cluster.options:
      field.exclude:
        operation: add
        type: string
        value: [com.onehippo.cms7.eforms.cms.fields.AntiSpamField]
Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?