Module: Panda::CMS::FormsHelper

Defined in:

app/helpers/panda/cms/forms_helper.rb

Instance Method Summary

• #invisible_captcha_field ⇒ String

  Generates the invisible captcha honeypot field This is a hidden field that bots typically fill out but humans don’t.

• #panda_cms_form_timestamp ⇒ String

  Generates a hidden timing field for spam protection This should be included in all forms that submit to Panda::CMS::FormSubmissionsController.

• #panda_cms_protected_form(form, options = {}) {|FormBuilder| ... } ⇒ Object

  Generates a complete spam-protected form wrapper Includes timing protection and invisible captcha honeypot.

Instance Method Details

#invisible_captcha_field ⇒ String

Generates the invisible captcha honeypot field This is a hidden field that bots typically fill out but humans don’t

Returns:

• (String) —

  HTML for invisible captcha field

# File 'app/helpers/panda/cms/forms_helper.rb', line 53

def invisible_captcha_field
  # invisible_captcha gem automatically adds this, but we can add it manually if needed
  # The field name "spinner" is configured in invisible_captcha initializer
  text_field_tag :spinner, nil, style: "position: absolute; left: -9999px; width: 1px; height: 1px;", tabindex: -1, autocomplete: "off", aria_hidden: true
end

#panda_cms_form_timestamp ⇒ String

Generates a hidden timing field for spam protection This should be included in all forms that submit to Panda::CMS::FormSubmissionsController

Examples:

In your form

<%= form_with url: form_submissions_path(form.id), method: :post do |f| %>
  <%= panda_cms_form_timestamp %>
  <%= f.text_field :name %>
  <%= f.submit "Submit" %>
<% end %>

Returns:

• (String) —

  HTML hidden input with current timestamp

# File 'app/helpers/panda/cms/forms_helper.rb', line 17

def panda_cms_form_timestamp
  hidden_field_tag "_form_timestamp", Time.current.to_i
end

#panda_cms_protected_form(form, options = {}) {|FormBuilder| ... } ⇒ Object

Generates a complete spam-protected form wrapper Includes timing protection and invisible captcha honeypot

Examples:

<%= panda_cms_protected_form(form) do |f| %>
  <%= f.text_field :name %>
  <%= f.email_field :email %>
  <%= f.text_area :message %>
  <%= f.submit "Send Message" %>
<% end %>

Parameters:

• form (Panda::CMS::Form) —

  The form model

• options (Hash) (defaults to: {}) —

  Additional options for form_with

Yields:

• (FormBuilder) —

  The form builder

# File 'app/helpers/panda/cms/forms_helper.rb', line 35

def panda_cms_protected_form(form, options = {}, &block)
  default_options = {
    url: "/forms/#{form.id}",
    method: :post,
    data: {turbo: false}
  }

  form_with(**default_options.merge(options)) do |f|
    concat panda_cms_form_timestamp
    concat invisible_captcha_field
    yield f
  end
end