I am trying to validate Captcha using JavaScript. But I could't find any resource about Client API's of Captcha. Do you have any documentation?
+2
A:
Validating a captcha with javascript would mean that you would need to have some representation of your captcha text visible in your html source, which is automatically visible to a bot.
I think a possibility if you absolutely have to validate using javascript would be to hash your captcha text server side, load it in a javascript variable, and then validate using the equivalent javascript hashing function.
Eric
2010-01-04 09:07:46
You could use AJAX so that you don't have to store the text on the client.
Jan Hančič
2010-01-04 09:08:37
The problem is what ever event/function the JS will call if valid could be called by the bot without ever testing the CAPTCHA
Jeff Beck
2010-01-04 09:11:44
Thanks for your Suggestions
vasanth
2010-01-15 03:31:24
+11
A:
If you could validate the captcha through JavaScript that would mean the means of finding out the valid code would be readily available in the code that you're passing to the client, which would effectively invalidate the use for a captcha altogether.
The only secure way to achieve this would be to send an AJAX request to the server, which would then validate the code. This way, your validation would be done exactly the way you normally validate the captcha on the server.
David Hedlund
2010-01-04 09:08:29
It's also worth noting that the captcha should be refreshed/reset after each failed validation attempt.
Justin Johnson
2010-01-04 10:02:19
+2
A:
It would be a bad idea to validate the CAPTCHA using JavaScript as a robot could easily beat the CAPTCHA then. If you mean you want to make an Ajax call to submit the entered text that is slightly different.
Jeff Beck
2010-01-04 09:09:20
A:
Just as a proof of concept... If you send a HASH of captcha string to browser. You could than dynamically HASH the string entered by the user, and compare the two strings.
Pettt
2010-01-23 13:54:44