On Fri, Mar 15, 2013 at 11:47 PM, Daniel Friesen <daniel(a)nadir-seen-fire.com
wrote:
> On Thu, 14 Mar 2013 12:55:16 -0700, Brion Vibber <bvibber(a)wikimedia.org>
wrote:
>
> Text captchas will have a 'question' subfield to be presented; image
>> captchas will have a 'url' field which should be loaded as the image.
>> 'type' and 'mime' will vary, and probably shouldn't be used
too closely.
>>
>
> Some captchas (iirc ReCaptcha) won't give you easy access to the image.
> And this plan won't be compatible with the variety of new captcha types
> like the KittenAuth-like category of CAPTCHAs.
> Differentiating between the types just to support text CAPTCHAs (which are
> really the easiest CAPTCHAs to break) also sounds unfortunate.
>
I should point out that I haven't invented this just now; this system has
been in place for at least a couple of years for action=edit and
action=login.
We might just have to do something that outputs a blob
of html or a url to
a html document (either perhaps as a frame url or a url to fetch the blob
of html from).
*nod*
Let's make it a URL if possible; that can be exposed as an iframe in web
apps or a web view of some kind for native apps, without exposing HTML
injection.
If we get all the captcha plugins retrofitted it'd be great to document the
system better for bot & client tool authors. :)
-- brion