reCAPTCHA and XHTML | Rickard Andersson


I’ve been relying on reCAPTCHA using the official WordPress plugin to protect against spam on the blog for some time. All the while, I’ve just assumed whatever markup it spat out would be XHTML 1.0 Strict. Then yesterday, while tinkering with something unrelated, I decided to run the blog through the validator and noticed the reCAPTCHA stuff was far from valid XHTML. I thought this was odd so I searched for a discussion on the subject, but I didn’t find much. I did run across a discussion on the reCAPTCHA mailing list though. In it, I found this little bit:

The reCAPTCHA team is not going to be developing XHTML fixes.

And that’s from someone at Why not just release a quick fix and get it over with? Is it just me or is this really odd behavior? Why wouldn’t they make it valid out of the box? The fact that you have to hack the scripts in order to use it with XHTML is a huge turn-off for a lot of people.

As a result of this, I’ve decided to remove reCAPTCHA from the blog in protest. Come on Recaptcha! Get with the program.


  1. Ben Maurer
    Posted February 25, 2008 at 18:24 | Permalink


    I’m an engineer on the reCAPTCHA team.

    First of all, that statement is simply saying that the reCAPTCHA team doesn’t have the time to develop XHTML compliance fixes. However, that doesn’t mean we don’t want them or that we won’t accept patches.

    We’ve seen a number of patches for the wordpress plugin. However, each one has had a number of issues that could cause problems for existing users. For example, part of the fix requires using the w3c specified tag rather than the de facto standard tag for users without Javascript. Including this change would require us to do quite a bit of testing to ensure that it really is compatible. Another change could have potentially prevented the “post comment” button from showing up in some themes.

    We’re more than willing to include a well tested, low-risk XHTML compliance patch. Our mailing list has some comments about how to apply these fixes on your own for people who are trend setters in standards compliance. However, we feel that it’s irresponsible to make changes that might cause issues for users for the sole purpose of satisfying the w3c validator

    For what it’s worth, very few “web 2.0” APIs are actually XHTML compliant (adsense & google maps use iframes and document.write).


  2. Posted February 25, 2008 at 22:37 | Permalink

    Hi Ben,

    Thanks for the reply. I see your point and I understand that you want to avoid any issues for existing users, but if that’s the case, then why not make it optional? When enabled, recaptcha would output compliant markup and supply the “challenge script” on your server with an additional parameter (apart from the API key) so that it knows whether to use document.write or to use the DOM. With this in place, there’s zero risk of incompatibilities for existing users and you give people the option of using recaptcha on XHTML sites.

    I did notice someone on your team posted “I don’t think that it’s really worth going to the trouble of having a configurable option for this” so I guess there’s no point in me even bringing this up.

    By the way. I don’t in any way consider myself to be a “trend setter in standards compliance”. I’m just a tad anal about things like this and I know there are a lot of people like me.

  3. Ben Maurer
    Posted February 26, 2008 at 01:58 | Permalink


    We already have an API that allows one to avoid document.write (our ajax API). This doesn’t solve the iframe issue.

    In terms of making an option — I want to get a real fix, not a hack. If we add the option, it will bloat up the API until the end of time. It’s also more code that we have to test (HTML & CSS have a funny way of breaking depending on where they get embeded).

    – Ben

  4. Posted April 16, 2008 at 05:35 | Permalink

    I used that recaptcha and still got tons of spam. I have a blogpost on somethings you can do to lower the amount of spam in wordpress.
    Akismet is more of a filtering tool than prevention.

    I also have some posts on ways to prevent spam on PunBB ;)

  5. Posted July 29, 2009 at 12:08 | Permalink

    I’ve published a fix so reCaptcha passes XHTML 1.0 Strict validation:

  6. moroz1999
    Posted October 12, 2010 at 11:14 | Permalink

    Hi Ben.

    The difference between Google Maps, Adsense and Recaptcha is that regardless validation and so on, first two widgets work well with XHTML webpages. Recaptcha is non-functional with application/xhtml+xml at all, this is the difference.
    Screw this validation, make it at least working!

  7. Posted May 23, 2011 at 23:30 | Permalink

    Boriel your fix works perfect thank you very very nice. I was kinda bummed all my pages had been validating and then I added reCaptcha and they started to fail validation. @Ben I hope you guys consider this int he future. Thank you for the great reCaptcha service. :)

Post a Comment

Comments are moderated. Your email is never published nor shared.