Honeypot/Spam Guard with Runtime Neos.Fusion.Form:Runtime.RuntimeForm

Hello everyone!

I am using Neos.Fusion.Form:Runtime.RuntimeForm for my form nodetype. In order to prevent Bots from submitting the form, I would like to implement a honeypot.

The idea would be to hide a certain input field and to require it to be empty via the schema{}. Unfortunately I don’t know how to require a field to be empty with the given methods nor how to create a custom Schema that can do this.

Thanks in advance for any input on whether or not this is a valid method or on how to implement such a schema.

Hey Luca,

you might want to have a look at my honeypot solution for Neos forms: https://github.com/daniellienert/honeypotformfield and either use it or grab some ideas.


Hi Daniel,

thanks for the tip, I already looked into it and it seems like a great solution. However, I struggle to implement it into a Fusion Runtime form, therefore I tried creating a honeypot on my own.

However, if possible I would like to use your package. Would be really greatful for some hints as I already spent the whole day on this :sweat_smile:

You can do that with pure fusion with a custom field and a validator that rejects any input.

renderer = Neos.Fusion.Form:Runtime.RuntimeForm {
    process {
        content = afx`
                attributes.style="display:none; !important"
                <Neos.Fusion.Form:Input />

        schema {
            honey = ${Form.Schema.string().validator('StringLength', {minimum:0, maximum:0})}

If you want to show the thank you message but skip the email sending you can react to the value of the honey field in the actions (then the honey schema gets no validator):

action {
    email {
        @if.noHoney = ${data.honey ? false : true}
        type = 'Neos.Fusion.Form.Runtime:Email'
        options {

Offcourse the name honey and hiding the field via display:none is not for production use.


Thank you!

this is actually more or less how I planned to do it, but I never got the schema quite right!