Re-add the restriction for emails to not include links …

[jkeck]

…(but only for non-logged in users)

If we do go this route, we will likely want to update some relevant help text/flash messages.

Feedback Form/Help Text

Feedback Flash Message

Record Email Form/Help Text

Record Email Flash Message

---

Possible Alternative

The main reason why we are re-implementing this is reCaptcha has been solved and we're seeing an increasing amount of spam coming through. I looked at updating to V3 (although that also appears to have been solved), but it would present some additional design changes. This captcha is no-friction (e.g. no action required by the user) and instead monitors behavior to "score" how likely the user is human vs. a bot. This could allow us to block the emails outright, present a traditional captcha, etc. however; might not actually do us any good if the bots are solving the captcha in other ways.

If we did look into captcha V3, the design changes we'll need to account for is there is a requirement to have the reCaptcha brand, privacy policy link, and ToS link as part of the user flow (source). They add a little icon on all pages, but we could avoid that by adding something like what is described in the above link on the feedback / email forms themselves.

On all pages

vs

Only in the forms/user flow

[ggeisler]

@jkeck @ilya-ux Below are my suggestions. Hopefully I've remembered our discussion well enough that these make sense but let me know if you have questions or suggestions for alternative ways to handle this.

I assume we are going with the captcha V3, using the alternative approach that enables us to hide the reCaptcha badge. The updates below are pretty similar for the two cases (feedback form and item email form) but I'll list them separately.

Item email form

---

• A: Add the .help-block text under the Message field: Do not include links. The email will automatically include a link to the record.
• B: Replace the current reCaptcha box with Google's required text for the alternative: This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. with the "Privacy Policy" and "Terms of Service" phrases links as they suggest.
• B: Left-align it in the modal.
• B: Style this as a .help-block if possible to get the gray text, or otherwise style it so it matches the .help-block text styling. (De-emphasizes it a bit.)

Item email form flash message

---

• This is pretty similar to the current flash message text but I edited it a bit:

Your message appears to be spam and has not been sent. Remove any links in the message and try sending it again.

Feedback form

---

• A: Add the .help-block text under the Message field: Do not include links. Your feedback will automatically include a link to this page.
• B: Replace the current reCaptcha box with Google's required text for the alternative
• B: Put the reCaptcha text within a .col-sm-offset-3 so it gets the same horizontal alignment as the "Reporting from" text at the top of the form.
• B: Style this as a .help-block if possible to get the gray text, or otherwise style it so it matches the .help-block text styling.

Feedback form flash message

---

This is the same flash message as for the item email modal:

Your message appears to be spam and has not been sent. Remove any links in the message and try sending it again.