Preventing html entries in comments box

Hello community;
I get too much spam coming thru Gravity form submissions.
There’s always links to junk bitcoin sites or some other trash.
I have Honeypot enabled but that isn’t doing much.
Is there a way to block html or website links in the form fields???

Thanks in advance!

1 Like

In what type(s) of fields are you receiving HTML content submissions?

In the comments box.

Gravity Forms does not have a comments box. Can you send a link to the page on your site where we can see your form?

Thanks for the link. You mean the textarea Questions/Comments is getting html submitted in it?

yes the questions comments area

Any answers ??

I have not heard anything for 2 weeks. I would really appreciate anyone who can help with this issue.

As far as I know they should be sanitized before being saved. But look at using g_form_allowable_tags to not allow anything…or maybe not allow tags which will at least stop them from being links.

This is something I am unable to do or understand. Is there a easier method?

Not that I’m aware of. Maybe Chris or someone else knows another way.

1 Like

I use Conditional Logic to Hide the Submit button (Form Settings page) if the Comments field contains ‘http’. Then add a HTML field with a message for humans like ‘Your enquiry contains website links, please remove them to submit the form’, with Conditional Logic to Show if the Comments contains ‘http’.
Not sure if hiding the Submit button stops all spam, but it seems to work.

Thanks Mike. I will try that.
I really wish the developers would make this easier with a simple option to not allow any urls etc in any entry. Anti spam honeypot is not very effective. I get loads of submissions for cialis etc with links.

1 Like

I got the CL to work. The Submit button disappears when specific words are entered in the comments box such as (http & www).
But I don’t see a way to display a message when the bad words are entered.
In the example you provided the submit button goes away and is replaced with a message.

You can add an HTML field which contains the message you want to show. You will use the same rules that you used to hide the submit button, but use them to SHOW the HTML field.

Another option is using the gform_entry_is_spam hook to flag submissions as spam if fields contain URLs.

Thanks for the great ideas. I have implemented CL and everything seems good now!
Best fishes - BM