This bundle provides some basic features to reduce spam in symfony forms.
MIT License
This bundle provides some basic features to reduce spam in Symfony. It is the successor of core23/antispam-bundle
, but not related to isometriks/spam-bundle
.
Honeypot protection for forms: An additional "hidden" (i.e. made invisible with CSS) field will be added to your form. Whoever fills out this field, is considered to be a spam bot.
Time protection for forms: The time between displaying the form and submitting the form is measured. Anybody who submits the form quicker than a certain number of seconds, is considered to be a spam bot. The timestamp is stored in the session.
Email address obfuscation filter for Twig: To prevent spam harvest bots from detecting your email address, they are obfuscated by e.g. replacing @
with [AT]
. The filter will find email addresses automatically, so you can apply it to your entire text.
Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:
composer require alexsabur/antispam-bundle
In older versions of Symfony, you need to enable it manually:
// config/bundles.php
return [
// ...
Nucleos\AntiSpamBundle\NucleosAntiSpamBundle::class => ['all' => true],
];
In a controller:
$this->createForm(CustomFormType:class, null, [
// Time protection
'antispam_time' => true,
'antispam_time_min' => 10, // seconds
'antispam_time_max' => 60,
// Honeypot protection
'antispam_honeypot' => true,
'antispam_honeypot_class' => 'hide-me',
'antispam_honeypot_field' => 'email-repeat',
])
In a form class:
class MyType extends AbstractType
{
// ...
public function configureOptions(OptionsResolver $resolver): void
{
$resolver->setDefaults([
// ...
'antispam_time' => true,
'antispam_time_min' => 10,
// same as above
]);
}
}
The Twig filter antispam
replaces @
by e.g. [AT]
.
{# Replace plain text #}
{{ text|antispam }}
{# Replace rich text mails #}
{{ htmlText|antispam(true) }}
If you want a JavaScript decoding for the encoded email addresses, you should use the AntiSpam.js
library:
document.addEventListener('DOMContentLoaded', () => {
new AntiSpam('.custom_class');
});
It is recommended to use webpack / webpack-encore
to include the JavaScript library in your page. This file is located in the assets
folder.
Create a configuration file called nucleos_antispam.yaml
:
# config/packages/nucleos_antispam.yaml
nucleos_antispam:
# Twig mail filter
twig:
mail:
css_class: 'custom_class'
at_text: [ '[AT]', '(AT)', '[T]' ]
dot_text: [ '[DOT]', '(DOT)', '[.]' ]
# Time protection
time:
min: 5
max: 3600
global: true # This will add antispam to all forms
# Honeypot protection
honeypot:
field: 'email_address'
class: 'hidden'
global: false
provider: 'nucleos_antispam.provider.session'
This bundle is under the MIT license.