Zesty.io Documentation
Zesty.io Documentation
Zesty.io
Open Source
ATOM Plugin
Start Trial
Introduction
Quick Start Guide
Common Concepts
Glossary
Services
WebEngine
DAM (Media Management)
Accounts UI
Manager UI
EcoSystems
APIs
Overview
Auth API
Accounts API
Instances API
Instant API (Read Only)
GraphQL
Tools & Resources
Guides
Adding a Favicon
Analytics
Adding Image Alt Text
Accepting an Invite to an Instance
Accessing Basic API JSON Endpoints
Adding Instances to EcoSystems
Bottom Loading JavaScript
Building the Schema and Selecting Fields
Content Entry, Drafts, and Publishing
Controlling and use of og:image
Creating a Customizable JSON Endpoint For Content
Creating a feed
Creating a Lead Form
Creating and Adding a Team
Editor and Coding Basics
How Webpages are Assembled
How do Instance or Blueprint LESS Variables Work
How to Create a one_to_many Relationship
How to Create one_to_one Relationships
Export Content Model to CSV
How to Create a Search Page
How to Deal With CORS
How to Filter by Tags
How to Implement Cross-instance Content Sharing
Integrations
Forms and Form Webhooks
How to Implement Simple Pagination
How to Launch an Instance
How to Personalize User Experience by Accessing Geolocation
Personalize User Experience with JavaScript Cookies
How to Personalize User Experience with Session Variables
How to Prevent Bots From Submitting Forms
How to Set Up Internationalization (i18n)
How to Use the Safe Email Send To Setting
How to Create a Blueprint in Github
JavaScript Component Libraries
Building Related Single and Multi-page Content Models
Microsoft Single Sign-On (SSO)
Password Protect Web Engine Preview
Refreshing the Cache
Reordering Child Items in a Parsley Auto-generated Navigation Bar
Setting up Google Analytics for GDPR
Setting up the x-default hreflang header
Setting Up Two-factor Authentication
Using Snippets
Video Embedding or Streaming Capabilities
Node SDK
Atom IDE Package
Chrome Browser Extension
Headless Code Examples
Salesforce Commerce Cloud
Community
RFCs/Specs
Powered by GitBook

How to Prevent Bots From Submitting Forms

Are bots submitting your form? Screen out form submissions by bots by implementing our honeypot feature.

Overview

A honeypot is a feature that's added to site manager and site engine to prevent spam. Learn more about honeypots [here](https://en.wikipedia.org/wiki/Honeypot_(computing)). The idea is that a hidden HTML input can be injected by JavaScript or coded in with HTML. When a bot fills out and submits a form including that hidden input with a value the server will trigger a 500 error thus preventing spam. In other words: the honeypot code will not be visible to a site's visitors and will work at a server level to deflect spam.

How it works

When the honeypot is turned on and a form is submitted the server looks for the hidden input with a name attribute matching the honeypot field string and a value attribute that's empty. If either of those requirements are not met then the server will return a 500. The following examples describe this process in more detail.

Submission will fail if honeypot is turned ON and:

  • The hidden HTML input with the honeypot code has not appended to your form.

  • The name attribute does not match the honeypot field.

  • A value attribute has been set. For example <input ... value="wlkncitns">.

Submission will succeed if honeypot is turned on and:

  • The name attribute matches the honeypot field and the value attribute is empty.

Setting up the honeypot

The honeypot setting is accessed by navigating to the Schema section -> Instance Settings -> Contact Form. This setting will be off by default. To turn this setting on simply add text to the honeypot field and save, and then navigate to the Editor section and add this Parsley call for the honeypot field to all of your forms: {{setting.contact-form.honeypot}}. Once the honeypot is turned on it will affect ALL forms on an instance.

Coding in the honeypot with JavaScript or HTML

If there are multiple forms on your instance it's likely easier to append your forms with the honeypot code using JavaScript. Otherwise you can simply add 1 line of code in HTML.

JavaScript

Honeypots can be added to all forms with simple JavaScript at the end of the loader file. This code will append the honeypot to all of your forms.

var input = document.createElement('input');
input.setAttribute('name','{{setting.contact-form.honeypot}}');  input.setAttribute('type','hidden'); (edited)
document.querySelectorAll('form').forEach(form =>; { form.appendChild(input); });

HTML

To add the honeypot code with HTML, add the following line between your HTML form tags.

<input type="hidden" name="{{setting.contact-form.honeypot}}" value="">

Previous
How to Personalize User Experience with Session Variables
Next
How to Set Up Internationalization (i18n)
Last updated 6 months ago
Edit on GitHub
Contents
Overview
How it works
Setting up the honeypot