Contrib.social

Deleting honeypot field from form allows submission

Open on Drupal.org →
Created on 15 April 2025, about 1 month ago

Problem/Motivation

During recent testing, our QA noticed that if the form field added by honeypot was deleted using the browser's inspector, the form was submitted.

Steps to reproduce

1. open a page with a protected form
2. inspect the page, finding the honeypot field
3. delete this field from the DOM
4. submit form

Proposed resolution

If a form is protected by honeypot, would it not be a good idea to test not only if the form field is empty but also present?

Remaining tasks

Consider proposed resolution and create path.

🐛 Bug report
Status

Active

Version

2.1

Component

Code

Created by

🇬🇧United Kingdom kiwimind

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024