On Mar 18, 2013 12:52 AM, "Tyler Romeo" tylerromeo@gmail.com wrote:
If we return just an HTML blob, then we are enforcing that the client application show the user exactly that output. If we output machine-readable information, then the client can render the CAPTCHA however it wants.
Which is fine, I guess? Mobile apps would want to so it their way, I guess. This will need specific code on the client to handle specific captcha types - and that is OK. Different ones do need to be handled differnetly, for optimal ux.