Hey guys,
I am pretty sure that some of you i hope many of you will have some suggestion for me about my concern.
I have just redesigned a contact page and wanted to make it as painless as it is possible. The captcha can not be avoided but, the background of the input changes and a short feedback text appears if the typed code and the security code are identical.
This is the inline javascript which is executed at onkeyup event
Code:
function count(){
var desc = document.getElementById("seccode_id").value;
var code = "<?php echo $_SESSION['secword'];?>";
if (desc==code)
{document.getElementById("seccode_id").style.backgroundColor="#E2FFB1";
document.getElementById("ok").style.visibility="visible";}
}
I stressed my concer with bold style. The value of the captca is printed into the html code directly. If i placed the javascript into external js file it couldn't parse the php secword session variable, so it must stay in the code.
What do you think, will the spamming robots pick the perfect answer from the html code and inject it into the input form?
Thank you in advance!