forms

How to stop a form from blocking paste in Safari

This is a quick blog post, mostly for my own reference.

I finally got sick of a certain government website thinking that preventing pasting passwords into certain forms was some sort of security feature, so I am documenting my workaround in Safari for stupid forms written by compliance-minded folks (the same who think that expiring passwords every 30 days leads to any kind of better security).

In Safari, select Develop > Show Javascript Console (or press ⌥⌘C, that's Option + Command + 'C')1.

Paste the following into the console and press 'Enter':

var allowPaste = function(e){
  e.stopImmediatePropagation();
  return true;
};
document.addEventListener('paste', allowPaste, true);

Now you can paste to your heart's content.

1 If you don’t see the Develop menu in the menu bar, choose Safari > Preferences, click Advanced, then select “Show Develop menu in menu bar.”

reCAPTCHAs are easier to read—but they're still a bad idea

From the article reCAPTCHAs are finally readable by normal humans:

Google today announced that reCAPTCHAs served up to humans are finally readable without the need to squint your eyes or bang your keyboard in frustration after typing the wrong sequence of letters five times in a row. Who can even read those things, amirite?

I'm glad Google is making CAPTCHAs easier for humans to read. For the very, very rare times when they're necessary, that's a good thing.

However, I want to make an appeal to the thousands of developers who are thinking of implementing a CAPTCHA to deal with their site's form/registration spam: use CAPTCHAs only as a last resort.

CAPTCHAs - the Nuclear Form Spam Prevention Technique
CAPTCHAs: The nuclear option.

Preventing Form Spam

Spam email folder - Gmail interface

There are many different techniques for preventing form spam on your website, and an important component of the battle against spam is your constant struggle between giving your 'real' users a good experience while preventing spammers and automated bots from spamming you and lowering the quality of the content on your website.

A Constant User-Experience Battle

Usually, the first thing someone will do after having trouble fighting spammers by manual comment/content moderation is place a complex CAPTCHA system on their forms. Something like this:

Spam CAPTCHA text difficult to read