Recaptcha breaking with attribute name="submit" on button - recaptcha

I think I may have come across a bug, or this could be a known thing. When I have the attribute name=”submit” in my submit button that contains the data-sitekey and data-callback, I get an “Uncaught (in promise) TypeError” in my console and it fails to continue doing anything.
As soon as I change the name attribute value to something other than submit it works.
I tried reporting this as a bug to recaptcha but there email for reporting bugs is no longer available.

I suggest trying a different captcha version. Invisible recaptcha is a new and better way of secority.
With a wrapper widget it can be a great solution with click functionality as well.
Have a look at this widget: https://www.custom-captcha.com/
CustomCaptcha.init("<your reCaptcha v3 siteKey>");
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/custom-recaptcha/dist/custom_captcha.min.css"></link>
<script src="https://cdn.jsdelivr.net/npm/custom-recaptcha/dist/custom_captcha.min.js"></script>
<captcha required></captcha>
Please note: The snippet above just shows the widget itself, and cannot work because there is no valid captcha key for the snippet site.
By default the widget has the website favicon as icon (which I think is a really nice feature) but it can be changed.

Related

Test invisible recaptcha

We have integrated invisible recaptcha in one of our websites. Whenever we submit the form it automatically submits.
I read in some google groups that we would get a challenge when accessed on edge browser. But for us, it is automatically submitted.
Any specific steps to test the invisible recaptcha?
You can test invisible recaptcha by using Chrome emulator.
You will need to add a new custom device (BOT) in developer tools, and set User Agent String to Googlebot/2.1 on Desktop. Then use the new BOT device when testing on your site to trigger the recaptcha authentication.
Note: ReCaptcha v3 will still let the google bot pass as it has a score of 0.9 when emulating in Chrome.
V2 INVISIBLE
In this case just use Incognito or Private browsing to see it works.
Here is the testing link where ReCaptcha is working:
https://www.google.com/recaptcha/api2/demo?invisible=true
Please give the credits to the guys in comments below.
I found an excellent answer that works as of 2018-08-27.
In Chrome, hit F12 to open the Developer Console. Next, toggle the Device Toolbar, select a device and click Edit... Now, add a new device with the following configuration:
Once you hit save and use the new device, the ReCaptcha should open a modal requiring the user to match images.
Credit: This answer was originally posted on https://www.tectite.com/fmhowto/test-invisible-recaptcha.php?WWWTECTITE=p32j2na5otc4rmtbmfsmf9rci6
May 2021
Everyone was talking about using the demo page to test it out. What we get after we tested and how it should looks like is what everyone miss out. Or probably thats why most of us are still searching for the answer.
Even though this question is 3yrs old, still its not clear how this recaptcha works. Iam trying my best to break in steps. Let me know if its works for you.
Google Demo page test
Important
Follow the steps below in the Incognito window
with the parameter
Go to this url https://www.google.com/recaptcha/api2/demo?invisible=true (notice the url has ?invisible=true parameter at the end)
You should see nothing but an pre-filled form with an active 'submit' button with no 'checkbox' captcha, instead you will see the badge at the bottom right.
Click the 'Submit' button and you should see something like this. This is the verification check point.
4. Select the relevant image and the page should redirect with the message saying
Verification Success... Hooray!
But what if you didn't see any image?
If you are not seeing any verification image and the form submits with
Verification Success... Hooray!
then either the form is not working (mostly that's not the case) or you need to clear your browser cache and try again.
without the parameter
Go to this url, https://www.google.com/recaptcha/api2/demo (notice, i have removed the ?invisible=true parameter from the url)
You should see the good 'ol robot checkbox captcha above the 'Submit' button.
3. Also you can notice there won't be captcha badge at the bottom right.
Your Website
Try it in the Incognito window
Just like the demo you should get the same result in your website if you use invisible captcha. (Don't worry about the url parameters)
If your page displayed the captcha badge at the bottom right then after clicking the 'submit' button you should see the popup image window.
If you do not get any popup and the form submits then there's an issue with your captcha or could be browser cache.
Not seeing the checkbox ... ?
Here are some notes from reCaptcha help page - https://support.google.com/recaptcha#6223828
If you're seeing this reCAPTCHA challenge, your browser environment doesn't support the reCAPTCHA checkbox widget.
There are a few steps you can take to improve your experience:
Make sure your browser is fully updated (see minimum browser requirements)
Check that JavaScript is enabled in your browser
Try disabling plugins that might conflict with reCAPTCHA
Please note that some sites may have incorrectly integrated with reCAPTCHA - in this case please contact the site's webmaster.
WordPress Contact Form 7 users
You do not need to add the [recaptcha] tag.
reCAPTCHA v3 doesn’t need a CAPTCHA widget (the “I’m not a robot” checkbox used in reCAPTCHA v2) to work, so [recaptcha] form-tags are no longer necessary. If [recaptcha] form-tags are found in a form template, Contact Form 7 5.1 or higher ignores them and replaces them with an empty string.
https://contactform7.com/recaptcha/
As of 2019-06-21, it appears that it is sufficient with Google Chrome (v74.0.3729.169) to bring up a new incognito window to force the recaptcha to execute. (I had needed this for our own recaptcha testing, so I'm glad I found it.)
I am still struggling a little bit with this but I found that the following things make invisible recaptcha puzzle more likely to appear:
Log into the recaptcha admin and set it to maximum security
Open your site from an incognito tab.
Sometimes leaving the login page open and trying to login after some time has passed seems to trigger the recaptcha puzzle.
I must admit though that these don't work all of the times and there are times that I really struggle to get it to work.
Update: It seems a bit strange but I have found that the invisible ReCaptcha is more likely to appear when I submit a form using the Enter key instead of pressing a button with the mouse.
Invisible recaptcha check fails if you try to access your page via automated tests (in my case chrome browser) since chrome has a feature to recognize if the browsers is controlled by such software... so try to create easy tests in Python or Java(+webdriver), to see if recaptcha is implemented correctly.
If you did not implement the code yourself, the first thing to check is the source code, see if reCaptcha is actually loaded. When using a CMS, I search for this line (or similar):
script type='text/javascript' async defer src='https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit&hl=de-CH'
If you have the luxury of a VPN, switch to a bad rep IP or country or an IP commonly used for P2P. This works for me most of the time.
Go thru the steps to test the re-captcha with dev tools open. Go to the network tab and find the POST where the form is submitted. Right click that line and copy as cURL.
Paste into the CLI and voila, you get the failure and the output of the cURL is the HTML that the server sent back.
2022 Answer that worked for me!
Please do give this one a go as it's the only one that actually worked for me after hours of testing.
Go to your reCAPTCHA admin account: https://www.google.com/recaptcha/admin/
Go to your site settings
Move the "Security Preference" slider all the way to the right to make reCAPTCHA trigger more often
Open an Incognito window, or even better a secure web browser with a built in encrypted proxy (I think this makes reCAPTCHA more suspicious of your browser) - I used a browser call Epic Browser, which is also Chromium based: https://www.epicbrowser.com/. Note: Just using Incognito on Chrome did not work for me, hence why I went to go use Epic.
Attempt to submit your form - you should hopefully receive the popup check!
As others mentioned you can also test if the browser alone triggers reCAPTCHA check by going to https://www.google.com/recaptcha/api2/demo?invisible=true and submitting the form.
This finally helped me as I was going crazy thinking my reCAPTCHA setup was not working and that I coded something wrong... But no, it was working! Just not very suspicious apparently.
I hope this helps someone as it did me!
The way I tackled it:
Go to your POST to google.com/recaptcha/api/siteverify
Before the response is returned, set the success property in the response to false.
I'm using Guzzle in Laravel (thanks to this example):
$response = $client->post('https://www.google.com/recaptcha/api/siteverify', [
'query' => [
'secret' => env('RECAPTCHA_V3_SECRET_KEY'),
'response' => $value,
'remoteip' => $_SERVER['REMOTE_ADDR'],
]
]);
$body = $response->getBody();
$contents = json_decode($body->getContents());
$contents->success = false;
return $contents;

How To Create Custom CSS Theme For Google no CAPTCHA reCAPTCHA

I tried to make any customization to Google no CAPTCHA reCAPTCHA and failed.
The main thing that I want to do is to change its width, height, and color.
Can any one help me please.
The noCaptcha reCaptcha client code is an iframe.
You can just choose between dark and light Google provided themes.
UPDATE: You cannot modify the content inside an iframe, unless it's the same domain. Some services let you pass parameters in the url query, but this is not the case.
I also faced same problem with google new captcha but this trick worked fine for me.
<div class="g-recaptcha" data-theme="light" id="google-captcha" data-sitekey="yoursecretkey" style="transform:scale(0.77);-webkit-transform:scale(0.77);transform-origin:0 0;-webkit-transform-origin:0 0;"></div>
You can also check this link for more information. I hope this will help some one.

Joomla Editor form action target="_blank" truncated issue

While i was inserting a form into an article in Joomla, i had to place the forms target attribute as target="_blank" so that when the user submits the form, the form submits to a new page.
But as per Joomla's default configuration everything including form's markup went into the article html data except for the attribute target="_blank".
The editor used during the issue was Tinymce.
I'm trying to fix this issue without having to edit the source code in javascript or php.
I'm hoping for a quick fix from the Joomla's configuration somewhere.
Thanks everyone for the support.
Finally I got it figured out, without even having to change one single line of source code.
The issue was indeed by the extended valid elements options of the tinymce editor to be used.
But in Joomla, the tinymce plugin does allow to handle it from the plugin backend.
Goto Joomla plugin manager => Editor- TinyMce
Under the right Plugin configuration options, you can see at the bottom the configuration option:
Extended Valid Elements
There you can add the values
form[action|accept|accept-charset|enctype|method|target] & click save/apply.
Add the target="_blank" anywhere in your article html code & it will not be trucated anymore
:)
Cheers
I hope this helps someone who stumbled on this issue.

Eventbrite Event Lists widget not working

I have played with the other widgets on the Eventbrite's API page and got each of them to work. The only one that I'm having difficulty with is the Event List widget.
I've hunted around online for a tutorial with more information or anything to see what I might be doing wrong, but have not been successful.
When I copy and paste the text, nothing shows up. So I tried changing the API Key and ID to mine and nothing shows up. Does anyone know if it no longer works or if there's something more that I have to add to the code that isn't too clear in the description for the Event List widget?
What languuage are you working in?
Eventbrite's open source example code section should provide some additional examples:
http://eventbrite.github.com/#examples
I was having the same problem, and I noticed the first script tag in the example from EventBrite is missing "http:" in the src attribute. Once I added this, it worked.
<script type='text/javascript' src="//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
should instead be...
<script type='text/javascript' src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>

What causes the "user agent stylesheet" to use "border-box" instead of "content-box" for box-sizing?

I'm under the impression that the user agent stylesheet in browsers such as Safari, Chrome and Firefox is something that is internal to the browser and can't be directly modified (rather a style property needs to be overridden).
I'm also under the impression due to various websites including Mozilla's that the default value of the box-sizing property for Webkit and Mozilla is "content-box."
I tested this on a rather simple dummy page viewed in various browsers.
My problem is that on two pages in our production application the default property is different, and we can't figure out why this is.
One one page we see a box-sizing property of "border-box" in the Web Inspector or console. It's assigned to the CSS selector input:not([type="image"]), textarea.
On the other page there is no mention of the box-sizing property in the Web Inspector or console.
Does anyone know if there's some way to directly affect the box-sizing definition in the user agent stylesheet for a particular page? Maybe there's a library that does this? We're using prototype.js and swfobject.js in the application...
UPDATE: In case I wasn't clear on almost every page in my web application and in every "dummy" page I've tested on the box-sizing property has the default "content-box" value. For some reason one particular page in my web application shows in the web inspector that the user agent stylesheet (the one used by the browser for its defaults) has set that property to "border-box." I can't for the life of me figure out why this is. I'm looking for anything that might cause Firefox to change what its default value for that property is.
Just had this same issue. What was happening in my case was that someone had put a snippet of Javascript code above the <!doctype html>. As a result, when I inspected DOM through firebug, it appeared that the document didn't have a doctype.
When I removed the snippet of JS code such that the doctype declaration was at the very top of the file, the doctype reappeared and fixed the box-sizing problems I was seeing (the same one you had).
See:
Hope this helps.
I had the same issue on chrome which by default added the following user agent style rule:
input:not([type="image"]), textarea {
box-sizing: border-box;
}
After adding the doctype property <!DOCTYPE html> the rule no longer appeared.
No, you can't touch the browser default stylesheet, and yes, browsers do have different rules for box-sizing specifically in respect to form fields. This is for compatibility with old browsers that used to implement form fields entirely with native OS widgets that CSS couldn't style (and so which didn't have ‘border’ or ‘padding’ as such).
Why not just put your box-sizing/-moz-box-sizing/-webkit-box-sizing rule in the site stylesheet? Works for me, I often use this to make inputs with set widths line up across modern browsers. (IE 6–7 don't support it, though, so need some extra help.)

Resources