Question

I'm using Django's standard comment system and I would like to extend its anti-spam honeypot capability.

I thought of changing the default "name" and "id" of the field to something more alluring for spam-bots such as "website". I checked the HTML and it looks like this:

    <p style="display:none;">
      <label for="id_honeypot">Never send a human to do a machine's job</label>
      <input type="text" name="honeypot" id="id_honeypot" />
    </p>

Am I correct in thinking that changing the defaults of this element would boost its anti-spam capabilities? I tried modifying it in the django/contrib/comments/forms.py like this:

    class CommentForm(CommentDetailsForm):
        # used to be honeypot = forms.CharField(...
        website = forms.CharField(required=False,
                                  label=_('Never send a human to do a machines job'))

        def clean_honeypot(self):
            """Check that nothing's been entered into the honeypot."""
            value = self.cleaned_data["website"]
            if value:
                raise forms.ValidationError(self.fields["website"].label)
            return value

And this successfully changes the name and id in the HTML generated by Django BUT then the whole mechanism stops working - I tried populating this invisible field, submitted and the comment was added.

I have a few other ideas as well, but first I'd really like to get this working - is it possible to modify the default honeypot name and id AND have it working like it should?

P.S. I believe a more elegant way of doing this would be to extend django.contrib.comments and code the modification there instead of working on actual Django code - what would be the best way of accomplishing this?


Solution

Given a bit more time to tinker around I found the answer to both of my questions:

In order to modify the standard honeypot or to create your own, you have to extend the CommentForm class by adding a clean_NAME_OF_HONEYPOT function as well as a NAME_OF_HONEYPOT variable, both of which look similar to the standard ones, and you also have to override the security_errors function to include the name of your new/modified honeypot in the dictionary.

The best way to do this is to create your custom comments app as described here: https://docs.djangoproject.com/en/dev/ref/contrib/comments/custom/ .

I hope this answer helps anyone else in my situation.
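
The sketch below is an added example, not part of the original answer and not Django code: it shows why the renamed field in the question was never checked and what the two changes named in the answer restore. `MiniForm`, `QuestionForm` and `AnswerForm` are hypothetical stand-ins that only mirror Django's `clean_<field name>` lookup and the fixed field list used by `security_errors`.

```python
# Stand-in for Django's form cleaning, written for this example (not Django code).
# Assumption mirrored from Django: clean_<field name>() is looked up per declared
# field, and security_errors() filters errors by a fixed list of field names.
class MiniForm:
    fields = ()

    def __init__(self, data):
        self.cleaned_data, self.errors = {}, {}
        for name in self.fields:
            self.cleaned_data[name] = data.get(name, "")
            hook = getattr(self, "clean_" + name, None)  # found by field name only
            if hook is not None:
                try:
                    self.cleaned_data[name] = hook()
                except ValueError as exc:
                    self.errors[name] = str(exc)

    def security_errors(self):
        names = ["honeypot", "timestamp", "security_hash"]
        return {n: self.errors[n] for n in names if n in self.errors}


class QuestionForm(MiniForm):
    """The question's attempt: field renamed, hook still called clean_honeypot."""
    fields = ("comment", "website")

    def clean_honeypot(self):  # never runs: no field is named "honeypot"
        value = self.cleaned_data["website"]
        if value:
            raise ValueError("honeypot field was filled in")
        return value


class AnswerForm(QuestionForm):
    """The answer's fix: matching hook name plus an overridden security_errors."""

    def clean_website(self):
        return self.clean_honeypot()

    def security_errors(self):
        errors = super().security_errors()
        if "website" in self.errors:
            errors["website"] = self.errors["website"]
        return errors


# Constructed sample: a bot that fills every input, and a human who cannot see it.
BOT_POST = {"comment": "buy now", "website": "http://spam.example"}
HUMAN_POST = {"comment": "nice article"}
```

With `BOT_POST`, `QuestionForm` records no error at all, while `AnswerForm` reports the `website` field through `security_errors()`.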

Licensed under: CC-BY-SA with attribution