Add hidden nonce (honeypot) field to filter bot autofills on subs page

This commit is contained in:
Kailash Nadh 2021-04-21 14:01:32 +05:30
parent 97d297e18c
commit fe61e898a3
3 changed files with 13 additions and 0 deletions

View file

@ -302,6 +302,14 @@ func handleSubscriptionForm(c echo.Context) error {
return err
}
// If there's a nonce value, a bot could've filled the form.
if c.FormValue("nonce") != "" {
return c.Render(http.StatusOK, tplMessage,
makeMsgTpl(app.i18n.T("public.errorTitle"), "",
app.i18n.T("public.invalidFeature")))
}
if len(req.SubListUUIDs) == 0 {
return c.Render(http.StatusBadRequest, tplMessage,
makeMsgTpl(app.i18n.T("public.errorTitle"), "",

View file

@ -274,6 +274,9 @@ input[type="text"], input[type="email"], select {
.form .lists {
margin-top: 45px;
}
.form .nonce {
display: none;
}
.footer {
text-align: center;

View file

@ -8,6 +8,8 @@
<p>
<label>{{ L.T "subscribers.email" }}</label>
<input name="email" required="true" type="email" placeholder="{{ L.T "subscribers.email" }}" autofocus="true" >
<input name="nonce" class="nonce" value="" />
</p>
<p>
<label>{{ L.T "public.subName" }}</label>