I do know that Google's reCAPTCHA should be validated server-side...
Below is a web page that "validates" it client-side by merely checking for the presence of a lengthy "g-recaptcha-response" value.
This seems to be all I need but what are the drawbacks to it?
<!DOCTYPE html>
<html lang="en">
<head>
<title>Google reCAPTCHA using client-side validation</title>
<script src='https://www.google.com/recaptcha/api.js'></script>
<script>
function js_onsubmit(that) {
if (that.Note.value == "") {
alert("NOTE cannot be blank.");
return false;
}
var valu = document.getElementById("g-recaptcha-response").value;
if (valu == "" || valu.length < 1024) {
alert("reCAPTCHA = FAILED (" + valu.length + ")");
return false;
}
alert("reCAPTCHA = PASSED");
return false; // form not submitted as this just to test reCAPTCHA.
document.getElementById("id_recaptcha").value = "True";
return true;
}
</script>
</head>
<body style="font-family:Arial">
<h1>Google reCAPTCHA</h1>
<form action="" method="post" onsubmit="return js_onsubmit(this)">
<input type="hidden" name="id_recpatcha" id="id_recaptcha" value="False">
<b>Note:</b>
<input type="text" name="Note" size="10" maxlength="10" value="">
<input type="submit" value="Submit">
<input type="button" value="Reload" onclick="location.reload()">
<br><br>
<div class="g-recaptcha" data-sitekey="===SITEKEY==="></div>
</form>
</body>
</html>
--https://stackoverflow.com/questions/41926479/validate-g-captcha-response-client-side
