Form compatibility with reCAPTCHA v3

Highlighted

Re: Form compatibility with reCAPTCHA v3

Been messing with this for a couple days and have not yet solved the riddle of why the .submit() is firing repeatedly. The ".then()" block doesn't fire unless the button is clicked, but without the .submit() I haven't been able to get it to submit on first interaction with the button. With .submit() the form submits continuously until the redirect behavior takes place (redirect to thank you page, etc). 

Highlighted

Re: Form compatibility with reCAPTCHA v3

Let's look at it over a screenshare when you have time.

Highlighted
Level 3

Re: Form compatibility with reCAPTCHA v3

The .submit() method starts the submit flow: performs validation, fires any .onSubmit() events, submits the form, and fires any .onSuccess() events if form submission was successful.

Calling .submit() from within .onValidate() explicitly creates an infinite loop.

Changing

   mktoForm.onValidate(function(native) {

to

   mktoForm.whenReady(function(native) {

and removing

   mktoForm.submit();

may be sufficient to prevent the looping. I believe that will also submit the form on the first click as it moves this code outside of that flow.

Highlighted
Level 1

Re: Form compatibility with reCAPTCHA v3

I've got this implementation working for both Marketo landing page forms and embedded forms on our website, however, when there are multiple forms, the second form's submit is always disabled. What modifications need to be made to the CodePen so that it works for all forms on the page?

 

Thanks for all of the Marketo insight!

Highlighted

Re: Form compatibility with reCAPTCHA v3

Hi,

Silly question, but is the JS added in the form or landing page html?


Thanks!


Steve

Highlighted

Re: Form compatibility with reCAPTCHA v3

In the Landing Page HTML, or in a separate .JS file, is a lot easier to manage than trying to embed in a Rich Text area.

Highlighted

Re: Form compatibility with reCAPTCHA v3

Thanks Sanford,

Is it necessary to add the top portion of the script?

I ask because I notice you reference a specific form in this script, and the template I edited uses many different forms. I was concerned that if I add the part at top it would cause a problem if I use a form different than the one referenced here.


I tried adding just the bottom part of the script to the template and it seems to be working correctly,  but I just wanted to confirm if the top portion is necessary. Thanks!

Put this right BEFORE the <body> tag:

 

<!-- standard embed code -->

<script src="//app-sj20.marketo.com/js/forms2/js/forms2.min.js"></script>

<form id="mktoForm_1428"></form>

<script>MktoForms2.loadForm("//app-sj20.marketo.com", "122-YZF-525", 1428);</script>

<!-- /standard embed code -->

Highlighted

Re: Form compatibility with reCAPTCHA v3

You don't need to re-include the standard embed code, no.

Highlighted

Re: Form compatibility with reCAPTCHA v3

Thanks so much!

One last question – do you have any insight into how exactly V3 works? I am used to seeing the bridges and fire hydrants that need to be selected, but V3 seems to recognize spam without requiring user participation. I assume they must do this by recognizing IP addresses likely to be bots?

If that is the case, do you know what happens when someone that Google identifies as spam tries to fill out the form? Does the recaptcha V3 prevent them from filling out the form, or does it send some value through the form telling me that this is likely a spam bot?

Thanks, I am trying to do some research myself but haven’t found what I am looking for. The best explanation I found is this https://codeforgeek.com/google-recaptcha-v3-tutorial/ saying that the form wont be able to be filled out, but just wanted to confirm that is your understanding as well.

As always, thanks!

Steve

Steve Schimmel | Marketing Automation Expert | Sony Electronics Inc. | Professional Solutions Americas | P 201-930-7124 | C 201-312-4505 | stephen.schimmel@am.sony.com<mailto:stephen.schimmel@am.sony.com>

Please consider the environment before printing this email.

<https://pro.sony.com/bbsc/ssr/show-mobileapp/resource.solutions.bbsccms-assets-show-mobileapp-mobileappdownload.shtml?PID=I:hp_bottom_carousel:Mobile_App>

Highlighted

Re: Form compatibility with reCAPTCHA v3

reCAPTCHA (all versions) never stops a form from being so submitted by an attacker. The idea is that the non-human quality of the form post is detected on the server, based on the "fingerprint" taken by the reCAPTCHA JS library.

You need to wait for the fingerprint to be generated, but under no circumstances do you know *on the client* whether the fingerprint is legit or not. That gets checked on the server.

reCAPTCHA v3 takes the fingerprint beyond just Boolean non-human/human and generates a numeric certainty value instead (between 0 and 1). You decide on the server what your threshold will be, based on characteristics of your users (usu. the question is whether 0.6 and 0.7 are rounded down to non-human).