TALL-forms
  • TALL-forms
  • Installation
    • Quickstart: Artisan cmd
    • Manual installation
      • Package
      • Translations
      • Css & Theme
      • Javascript
      • Tailwind
      • Laravel Mix
      • Wrapper view
      • Laravel Jetstream/Breeze
  • Upgrade v7 to v8
    • Configuration changes
    • Component & Field changes
    • Blade view changes
    • Notification changes
    • Styling changes
  • Concept
    • Configuration
    • Validation
    • Styling
    • Icons
    • Javascript
    • Layout vs Wrapper
    • Model binding
    • Manually saving data
    • Extend Blade Components
  • Create Forms
    • Form Data
    • Form Types
      • Standard form
      • As modal
      • Without buttons
      • Fields only
      • Headless
    • Form attributes
    • Form buttons
    • Form slots
    • Form methods
    • Lifecycle hooks
    • Render a form
    • Mass generate
  • Fields
    • Declaration
    • Labels
    • Field Slots
    • Field methods
    • Custom field attributes
    • Conditional field
    • Custom view
    • Custom field
    • Custom Livewire component
    • Relations
    • Fields
      • Checkbox
      • Checkboxes
      • FileUpload
      • Honeypot
      • ImageCropper
      • Input
      • Password
      • InputArray
      • KeyVal (array)
      • Radio
      • Range
      • Repeater (array)
      • Search
      • Select & Multiselect
      • Tags
      • TagsSearch
      • Textarea
      • Trix
      • SpatieTags
    • Sponsor Fields
      • More Inputs
      • CKEditor
      • DatePicker
      • Heading
      • Markdown
      • Panels
      • SearchList
      • SelectOptGroup
      • Tabs
      • Trix, file-uploads
  • Blade components
    • Notifications
    • Label wrapper
    • Button
    • Modal blade component
    • Modal form blade component
  • Examples
    • Input examples
    • Array fields example
Powered by GitBook
On this page

Was this helpful?

  1. Fields
  2. Fields

Honeypot

A simple way to try to keep bots from posting forms is to add a honeypot to your form.

  • The trick is to name the field to something that a bot is very likely to auto populate with a value.

  • Add a validation rule that the field should be empty using regex

  • Add autocomplete() to prevent validation errors from browsers autocomplete when the user tries to save the form.

  • Make it type('hidden')

  • Add the class('nosy') to prevent it from taking up space (the .nosy class exists in the theme.css)

Input::make('Street') //name the field to something that a bot has a high likelihood to auto populate
    ->rootAttr([ 'class' => 'hidden' ], false) //hides the fields root wrapper
    ->type('hidden')
    ->autocomplete('srteet') //deliberately misspelled autocomplete to avoid browser autofilling value in the honeypot
    ->custom() //make the field custom, to ignore it when saving the model
    ->class('nosy') //this class exists in the theme.css, makes the field hidden
    ->default('') //the honeypot should be empty
    ->rules('nullable|regex:/^$/i') //the form will not be saved if the field has a value

The .nosy class exists in the theme.css file:

/* honeypot field class */
.nosy {
    position: absolute;
    opacity: 0;
}
PreviousFileUploadNextImageCropper

Last updated 3 years ago

Was this helpful?