I'm thinking this might be a quick and easy way to lower the form spam on our site just a little bit. The idea being that (I have read) spammers aren't running with javascript enabled. (Or at least they are accessing your website without running javascript. I.e., they aren't browsing up to it in IE or FF.
I can use .asp or .aspx.
I'm thinking this might be a quick and easy way to lower the form spam on our site just a little bit. The idea being that (I have read) spammers aren't running with javascript enabled. (Or at least they are accessing your website without running javascript. I.e., they aren't browsing up to it in IE or FF.
I can use .asp or .aspx.
Share Improve this question edited Apr 28, 2016 at 5:29 Alexander O'Mara 60.6k19 gold badges172 silver badges181 bronze badges asked Sep 9, 2008 at 17:01 Clay NicholsClay Nichols 12.2k30 gold badges114 silver badges178 bronze badges5 Answers
Reset to default 7The simplest way is to set a cookie via javascript and check for it on postback.However, if you're looking to minimize spam you should actually have the browser perform a simple task which requires javascript execution. See Phil Haack's "Invisibile Captcha Validator" control, which has since been included in his Subkismet library: http://haacked./archive/2006/09/26/Lightweight_Invisible_CAPTCHA_Validator_Control.aspx
In , you can use Request.Browser.JavaScript to detect if the browser supports JavaScript. However, the user may still have Javascript disabled. An ugly way to check to see if Javascript is enabled, is to use window.location to redirect to page.aspx?jscript=true, and then check Request.Querystring for that value.
So, you want to force users to use JavaScript in order to use your site? I'd rather just use a simple Captcha. If you aren't a big-name site, you can get away with some relatively simple Captchas.
That's how we reduced spam at our site.
To be honest, you shouldn't need to use a server-side language to detect javascript, and furthermore spammers are not necessarily not running javascript. (sorry about the double-negative) Your objective is good, but your approach is wrong - implementing a CAPTCHA, as suggested by a few of our peers, would be a great way to handle this.
I see you've accepted the noscript answer, but how will you use this to fight spam? noscript will allow you to add special content for users without JS, but unless you're generating the rest of your site in JS, it will still be available to user agents without JS.
A captcha of some sort is still likely the best bet. Ultimately, you're trying to get the user agent to prove that it's being controlled by a human, so do your best to make it prove that actual fact, instead of something else. Screen readers for the visually impaired typically go without Javascript, too, and many people browsing from mobile devices have Javascript disabled to speed things up.