stackoom
  简体   繁体   中英

addeventlistener for 'keypress' = captcha alternative?

 原文  2010-11-10 09:33:13       javascript/ validation/ captcha/ addeventlistener

Question

Am I right in thinking that spam bots can't simulate the 'keypress' event, and thus I can't get spammed if I require a keypress for each field in my contact form before being able to submit it?

Is this a good alternative to captcha, etc. if I don't care whether or not my viewers have JavaScript enabled?

Wizards, set me right.

2 answers

solution1
 1 ACCPTED  2010-11-10 09:45:43

I'm unsure if they can generate the keypress event "natively" (I think you might be right that they can't, but it wouldn't surprise me to learn that there's some edge case whereby this is possible).

However, I don't think they would have a problem merely executing element.onkeypress() directly. If the bot can determine that it needs to press a key to advance, then what that actually boils down to is that a particular event handler method needs to be invoked - and the bot can do the latter. It can create its own fake Event object too containing the keycode, and then pass this in and/or set it on window.event .

In theory you might be able to detect this by being very strict about instrospecting the event object in your handler. I don't think that the bot would easily be able to create a native-equivalent event object, so perhaps by inspecting the prototype chain you could distringuish between the two. However, this would almost certainly be too fragile for general use, and is not going to reliably work across different browsers/environments/plugins/etc.

Thus I don't think this is a fruitful path, because you can't tell in an event handler whether the event is "real" or not. Browser-native code is different, since bots cannot actually trigger a click event, but within Javascript I don't see a simple way to prevent your method from simply being called.

solution2
 0  2010-11-10 09:50:11

The current implementations of spambots might not be able to do that. But it's not that hard to simulate keypresses. If you're only a small website the bot author might not do the work to circumvent your system, but if it large enough for the auther to care your system will be broken really quick.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Javascript keypress addEventListener addEventListener isn't triggering on keypress keypress event not working with addEventListener Function convert from “onkeypress” to “addeventlistener(”keypress",()=>{}) Canvas - addEventListener not working simulating keypress convert JQuery into addEventListener for keypress event the alternative of addEventListener but without key? Add keypress or eventlistener to input, “TypeError: …addEventListener is not a function” jQuery alternative for addEventListener for custom attribute Chrome extension: adding a keyboard shortcut with Alt with addEventListener('keypress')
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM