Essentials for YOOtheme Pro
Form Validation
Form validation ensures submitted data meets your requirements before processing. The validation is processed at three levels:
- Client-side validation - Optional browser validation before submission
- Server-side validation - Always runs to ensure data integrity
- CAPTCHA verification - Optional human verification to prevent spam
Field Validation
Each field has its own validation rules that will be used for both client and server side validation. For complete validation options see the form field elements documentation.
Client-side Validation
HTML5 validation provides instant feedback in the browser using native validation UI. Is enabled by default, but you can disable when:
- Only server-side validation is needed
- Error message doesn't mach your site styling
- Design consistency across browsers is important
Custom Error Messages
HTML5 validation messages cannot be customized. To use custom messages, disable client side validation on the form settings and rely on server-side validation instead.
Server-side Validation
Always active and cannot be disabled. Validates all submissions regardless of browser settings, ensuring:
- Required fields are completed
- Field values match validation patterns
- Data types are correct
- CAPTCHA challenges pass (when present)
Custom Validation
Add custom validation logic using the Validate Action. This lets you validate data against custom condition rules. Failed validation stops all subsequent actions.
CAPTCHA Validation
CAPTCHAs verify users are human, protecting forms from spam and automated abuse. Add CAPTCHA when your form:
- Is publicly accessible
- Receives spam submissions
- Handles sensitive operations (registration, password reset)
- Must meet security compliance requirements
Best Practice
Combine CAPTCHA with built-in honeypot protection for optimal spam defense. Honeypots catch simple bots; CAPTCHAs stop sophisticated attacks.
reCAPTCHA
The reCAPTCHA element integrates Google reCAPTCHA service that helps protect websites from spam and abuse, supporting both v2 and v3.
| Setting | Description | Dynamic |
|---|---|---|
| Type | The type of captcha to display, v2 Checkbox, v2 Invisible or v3. | |
| Site/Secret Key | The sit and secret keys obtained from reCAPTCHA Dashboard. | |
| Error Message | A message that will be displayed if the element validation fails. Optionally use {fieldlabel} as a placeholder, it will be replaced with the field label. | ✓ |
TIP
The reCAPTCHA Admin Console allows you to manage your reCAPTCHA site and secret keys, and configure the settings of those at any time. It also allows you to permanently delete your reCAPTCHA keys.
reCAPTCHA v2
reCAPTCHA v2 verifies if an interaction is legitimate with a captcha challenge presented in two variations.
TIP
By default, only the most suspicious traffic will be prompted to solve a captcha. To alter this behavior edit the site security preference under the reCAPTCHA Admin Console advanced settings.
"I'm not a robot" Checkbox
Requires the user to click a checkbox indicating is not a robot.
| Setting | Description | Dynamic |
|---|---|---|
| Label | The title for the field that represent the field data. | ✓ |
| Theme | The field style output, Light or Dark. | |
| Size | The field size output, Normal or Compact. |
Invisible reCAPTCHA badge
A captcha might be invoked when the form is submitted, but the badge is always visible.
| Setting | Description | Dynamic |
|---|---|---|
| Position | The badge position, Bottom Left, Bottom Right, or Inline. | |
| Label | The title for the field that should represent the field data, when the position is set as Inline. | |
| Theme | The badge style output, Light or Dark. |
reCAPTCHA v3
reCAPTCHA v3 verifies if an interaction is legitimate without any user interaction, instead of showing a CAPTCHA challenge it evaluates based on the returned score by the API.
| Setting | Description | Dynamic |
|---|---|---|
| Score Threshold | The value below which to consider the submitter a bot. The score runs from 0.0 (bot) to 1.0 (human). | |
| Action | The action name for the captcha request. Used for more advanced integrations, may only contain alphanumeric characters and slashes. |
hCaptcha
The hCaptcha element integrates hCaptcha anti-bot solution that protects user privacy and rewards websites.
| Setting | Description | Dynamic |
|---|---|---|
| Type | The type of captcha to display, Checkbox or Invisible. | |
| Site/Secret Key | The Site and Secret keys obtained from hCaptcha Dashboard. | |
| Theme | The theme style, Light or Dark. | |
| Score Threshold | The threshold over which to consider the submitter a bot. From 0.0 (no risk) to 1.0 (confirmed threat), available only for hCaptcha Enterprise. | |
| Error Message | A message that will be displayed if the element validation fails. Optionally use {fieldlabel} as a placeholder, it will be replaced with the field label. | ✓ |
Checkbox
A variation that will render a "checkbox" style field by which the captcha challenge could be initiated by the user.
| Setting | Description | Dynamic |
|---|---|---|
| Label | The title for the field that represent the field data. | ✓ |
| Size | The size of the checkbox, Normal or Compact. |
Invisible
A variation that will only render the Compliance text initing the challenge when the form is submitted.
| Setting | Description |
|---|---|
| Compliance | A legally required text to comply with online privacy laws. Make sure it links to hCaptcha Privacy Policy and Terms of Service. |
Turnstile
The Turnstile element integrates Cloudflare Turnstile captcha alternative.
| Setting | Description | Dynamic |
|---|---|---|
| Appears | When should the widget appear, Always or When Interaction Required. | |
| Site/Secret Key | The Site and Secret keys obtained from Turnstile Dashboard. | |
| Label | An optional label for the field. | ✓ |
| Theme | The widget theme style, Light or Dark. | |
| Size | The widget theme size, Normal or Compact. | |
| Compliance | Optional override of the legally required text to comply with online privacy laws. It should link to Turnstile Privacy Policy and Terms of Service. | |
| Error Message | A message that will be displayed if the element validation fails. Optionally use {fieldlabel} as a placeholder, it will be replaced with the field label. | ✓ |
Friendly Captcha
The Friendly Captcha element integrates Friendly Captcha anti-bot solution that is GDPR compliant and made in Europe.
| Setting | Description | Dynamic |
|---|---|---|
| Site/API Key | The Site and API keys obtained from Friendly Captcha Dashboard. | |
| Label | The title for the field that represent the field data. | ✓ |
| Endpoint | The primary endpoint for the puzzles and verification requests. Note that this feature requires a FriendlyCaptcha premium plan and to be specifically enabled. | ✓ |
| Language | The language for the captcha, defaults to the site language. | ✓ |
| Error Message | A message that will be displayed if the element validation fails. Optionally use {fieldlabel} as a placeholder, it will be replaced with the field label. | ✓ |