reCAPTCHA and XHTML
I’ve been relying on reCAPTCHA using the official WordPress plugin to protect against spam on the blog for some time. All the while, I’ve just assumed whatever markup it spat out would be XHTML 1.0 Strict. Then yesterday, while tinkering with something unrelated, I decided to run the blog through the validator and noticed the reCAPTCHA stuff was far from valid XHTML. I thought this was odd so I searched for a discussion on the subject, but I didn’t find much. I did run across a discussion on the reCAPTCHA mailing list though. In it, I found this little bit:
The reCAPTCHA team is not going to be developing XHTML fixes.
And that’s from someone at recaptcha.net. Why not just release a quick fix and get it over with? Is it just me or is this really odd behavior? Why wouldn’t they make it valid out of the box? The fact that you have to hack the scripts in order to use it with XHTML is a huge turn-off for a lot of people.
As a result of this, I’ve decided to remove reCAPTCHA from the blog in protest. Come on Recaptcha! Get with the program.
5 comments
Hi,
I’m an engineer on the reCAPTCHA team.
First of all, that statement is simply saying that the reCAPTCHA team doesn’t have the time to develop XHTML compliance fixes. However, that doesn’t mean we don’t want them or that we won’t accept patches.
We’ve seen a number of patches for the wordpress plugin. However, each one has had a number of issues that could cause problems for existing users. For example, part of the fix requires using the w3c specified tag rather than the de facto standard tag for users without Javascript. Including this change would require us to do quite a bit of testing to ensure that it really is compatible. Another change could have potentially prevented the “post comment” button from showing up in some themes.
We’re more than willing to include a well tested, low-risk XHTML compliance patch. Our mailing list has some comments about how to apply these fixes on your own for people who are trend setters in standards compliance. However, we feel that it’s irresponsible to make changes that might cause issues for users for the sole purpose of satisfying the w3c validator
For what it’s worth, very few “web 2.0″ APIs are actually XHTML compliant (adsense & google maps use iframes and document.write).
-Ben
Hi Ben,
Thanks for the reply. I see your point and I understand that you want to avoid any issues for existing users, but if that’s the case, then why not make it optional? When enabled, recaptcha would output compliant markup and supply the “challenge script” on your server with an additional parameter (apart from the API key) so that it knows whether to use document.write or to use the DOM. With this in place, there’s zero risk of incompatibilities for existing users and you give people the option of using recaptcha on XHTML sites.
I did notice someone on your team posted “I don’t think that it’s really worth going to the trouble of having a configurable option for this” so I guess there’s no point in me even bringing this up.
By the way. I don’t in any way consider myself to be a “trend setter in standards compliance”. I’m just a tad anal about things like this and I know there are a lot of people like me.
Hi,
We already have an API that allows one to avoid document.write (our ajax API). This doesn’t solve the iframe issue.
In terms of making an option — I want to get a real fix, not a hack. If we add the option, it will bloat up the API until the end of time. It’s also more code that we have to test (HTML & CSS have a funny way of breaking depending on where they get embeded).
- Ben
I used that recaptcha and still got tons of spam. I have a blogpost on somethings you can do to lower the amount of spam in wordpress.
http://jivebay.com/2008/02/10/wordpress-spam-prevention-hack/
Akismet is more of a filtering tool than prevention.
I also have some posts on ways to prevent spam on PunBB ;)
Hi folks, I don´t know who I´m spoking to, but I am a new user of the P2P world, and I get into this message link ´cause I was looking for Mr. Rickard´s E-mail. Only wanna say that I´m happy and proud of being an UPloader, since I begin workin´ with this torrent stuff. You olda kinda computer experts should say: “Oh, one more addict to the Pyrate World” It´s more, It´s for sure. I will work as You dun for makin´it workin´better. best regards. Fábio