# How can I validate google reCAPTCHA v2 using javascript/jQuery?

## The Question :

130 people think this question is useful

I have a simple contact form in aspx. I want to validate the reCaptcha (client-side) before submitting the form. Please help.

Sample code:

    <%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default2.aspx.vb" Inherits="Default2" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Test Form</title>
<script src="//code.jquery.com/jquery-1.10.2.js"></script>
<script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
<script>
$("#cmdSubmit").click(function () { //need to validate the captcha }); </script> </head> <body> <form id="form1" runat="server"> <label class="clsLabe">First Name<sup>*</sup></label><br /> <input type="text" id="txtFName" name="txtFName" class="clsInput" /><br /> <div class="g-recaptcha" data-sitekey="my_key"></div> <img id="cmdSubmit" src="SubmitBtn.png" alt="Submit Form" style="cursor:pointer;" /> </form> </body> </html>  I want to validate the captcha on cmdSubmit click. Please help. The Question Comments : • what have you done so far? need more info, the question is too vague. • If you are not sending a post request to google via server side validation you may as well not even include a captcha. The client side validations suggested below will be passed by bots. • Validate captcha is clicked clientside > do something > validate recaptcha data server side > do something. • Check sample example tutorial here freakyjolly.com/… ## The Answer 1 112 people think this answer is useful This Client side verification of reCaptcha – the following worked for me : if reCaptcha is not validated on client side grecaptcha.getResponse(); returns null, else is returns a value other than null. Javascript Code: var response = grecaptcha.getResponse(); if(response.length == 0) //reCaptcha not verified else //reCaptch verified  ## The Answer 2 62 people think this answer is useful Use this to validate google captcha with simple javascript. This code at the html body: <div class="g-recaptcha" id="rcaptcha" style="margin-left: 90px;" data-sitekey="my_key"></div> <span id="captcha" style="margin-left:100px;color:red" />  This code put at head section on call get_action(this) method form button: function get_action(form) { var v = grecaptcha.getResponse(); if(v.length == 0) { document.getElementById('captcha').innerHTML="You can't leave Captcha Code empty"; return false; } else { document.getElementById('captcha').innerHTML="Captcha completed"; return true; } }  ## The Answer 3 30 people think this answer is useful If you render the Recaptcha on a callback <script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&amp;render=explicit" async defer></script>  using an empty DIV as a placeholder <div id='html_element'></div>  then you can specify an optional function call on a successful CAPTCHA response var onloadCallback = function() { grecaptcha.render('html_element', { 'sitekey' : 'your_site_key', 'callback' : correctCaptcha }); };  The recaptcha response will then be sent to the ‘correctCaptcha’ function. var correctCaptcha = function(response) { alert(response); };  All of this was from the Google API notes : Google Recaptcha v2 API Notes I’m a bit unsure why you would want to do this. Normally you would send the g-recaptcha-response field along with your Private key to safely validate server-side. Unless you wanted to disable the submit button until the recaptcha was sucessful or such – in which case the above should work. Hope this helps. Paul ## The Answer 4 28 people think this answer is useful Simplified Paul’s answer: Source: <script src="https://www.google.com/recaptcha/api.js"></script>  HTML: <div class="g-recaptcha" data-sitekey="YOUR_KEY" data-callback="correctCaptcha"></div>  JS: var correctCaptcha = function(response) { alert(response); };  ## The Answer 5 9 people think this answer is useful I used HarveyEV’s solution but misread it and did it with jQuery validate instead of Bootstrap validator.  <script src="http://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/jquery.validate.min.js"></script> <script>$("#contactForm").validate({
submitHandler: function (form) {
var response = grecaptcha.getResponse();
if (response.length == 0) {
$('#recaptcha-error').show(); return false; } //recaptcha passed validation else {$('#recaptcha-error').hide();
return true;
}
}
});
</script>



## The Answer 6

6 people think this answer is useful

I thought all of them were great but I had troubles actually getting them to work with javascript and c#. Here is what I did. Hope it helps someone else.

//put this at the top of the page

//put this under the script tag
<script>
var isCaptchaValid = false;
function doCaptchaValidate(source, args) {
}
var verifyCallback = function (response) {
};
</script>

<div class="g-recaptcha" data-sitekey="sitekey" data-callback="verifyCallback">

//created a custom validator and added error message and ClientValidationFucntion
<asp:CustomValidator runat="server" ID="CustomValidator1" ValidationGroup="Initial" ErrorMessage="Captcha Required" ClientValidationFunction="doCaptchaValidate"/>



## The Answer 7

4 people think this answer is useful

you can render your recaptcha using following code

<div id="recapchaWidget" class="g-recaptcha"></div>

<script type="text/javascript">
var widId = "";
var onloadCallback = function ()
{
widId = grecaptcha.render('recapchaWidget', {
});
};
</script>



Then you can validate your recaptcha by using “IsRecapchaValid()” method as follows.

 <script type="text/javascript">
function IsRecapchaValid()
{
var res = grecaptcha.getResponse(widId);
if (res == "" || res == undefined || res.length == 0)
{
return false;
}
return true;
}
</script>



## The Answer 8

2 people think this answer is useful

Unfortunately, there’s no way to validate the captcha on the client-side only (web browser), because the nature of captcha itself requires at least two actors (sides) to complete the process. The client-side – asks a human to solve some puzzle, math equitation, text recognition, and the response is being encoded by an algorithm alongside with some metadata like captcha solving timestamp, pseudo-random challenge code. Once the client-side submits the form with a captcha response code, the server-side needs to validate this captcha response code with a predefined set of rules, ie. if captcha solved within 5 min period, if the client’s IP addresses are the same and so on. This a very general description, how captchas works, every single implementation (like Google’s ReCaptcha, some basic math equitation solving self-made captchas), but the only one thing is common – client-side (web browser) captures users’ response and server-side (webserver) validates this response in order to know if the form submission was made by a human or a robot.

NB. The client (web browser) has an option to disable the execution of JavaScript code, which means that the proposed solutions are completely useless.

## The Answer 9

1 people think this answer is useful

I used Palek’s solution inside a Bootstrap validator and it works. I’d have added a comment to his but I don’y have the rep;). Simplified version:

        $('#form').validator().on('submit', function (e) { var response = grecaptcha.getResponse(); //recaptcha failed validation if(response.length == 0) { e.preventDefault();$('#recaptcha-error').show();
}
else {
$('#recaptcha-error').hide(); } if (e.isDefaultPrevented()) { return false; } else { return true; } });  ## The Answer 10 1 people think this answer is useful Source Link You can simply check on client side using grecaptcha.getResponse() method  var rcres = grecaptcha.getResponse(); if(rcres.length){ grecaptcha.reset(); showHideMsg("Form Submitted!","success"); }else{ showHideMsg("Please verify reCAPTCHA","error"); }  ## The Answer 11 0 people think this answer is useful You cannot validate alone with JS only. But if you want to check in the submit button that reCAPTCHA is validated or not that is user has clicked on reCAPTCHA then you can do that using below code.  let recaptchVerified = false; firebase.initializeApp(firebaseConfig); firebase.auth().languageCode = 'en'; window.recaptchaVerifier = new firebase.auth.RecaptchaVerifier('recaptcha-container',{ 'callback': function(response) { recaptchVerified = true; // reCAPTCHA solved, allow signInWithPhoneNumber. // ... }, 'expired-callback': function() { // Response expired. Ask user to solve reCAPTCHA again. // ... } });  Here I have used a variable recaptchVerified where I make it initially false and when Recaptcha is validated then I make it true. So I can use recaptchVerified variable when the user click on the submit button and check if he had verified the captcha or not. ## The Answer 12 0 people think this answer is useful Here’s how we were able to validate the RECAPTCHA using .NET: FRONT-END <div id="rcaptcha" class="g-recaptcha" data-sitekey="[YOUR-KEY-GOES-HERE]" data-callback="onFepCaptchaSubmit"></div>  BACK-END:  public static bool IsCaptchaValid(HttpRequestBase requestBase) { var recaptchaResponse = requestBase.Form["g-recaptcha-response"]; if (string.IsNullOrEmpty(recaptchaResponse)) { return false; } string postData = string.Format("secret={0}&amp;response={1}&amp;remoteip={2}", "[YOUR-KEY-GOES-HERE]", recaptchaResponse, requestBase.UserHostAddress); byte[] data = System.Text.Encoding.ASCII.GetBytes(postData); HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://www.google.com/recaptcha/api/siteverify"); request.Method = "POST"; request.ContentType = "application/x-www-form-urlencoded"; request.ContentLength = data.Length; using (var stream = request.GetRequestStream()) { stream.Write(data, 0, data.Length); } var response = (HttpWebResponse)request.GetResponse(); var responseString = ""; using (var sr = new System.IO.StreamReader(response.GetResponseStream())) { responseString = sr.ReadToEnd(); } return System.Text.RegularExpressions.Regex.IsMatch(responseString, "\"success\"(\\s*?):(\\s*?)true", System.Text.RegularExpressions.RegexOptions.Compiled); }  Call the above method within your Controller’s POST action. ## The Answer 13 -1 people think this answer is useful if (typeof grecaptcha !== 'undefined' &amp;&amp;$("#dvCaptcha").length > 0 &amp;&amp; $("#dvCaptcha").html() == "") { dvcontainer = grecaptcha.render('dvCaptcha', { 'sitekey': ReCaptchSiteKey, 'expired-callback' :function (response){ recaptch.reset(); c_responce = null; }, 'callback': function (response) {$("[id*=txtCaptcha]").val(c_responce);
$("[id*=rfvCaptcha]").hide(); c_responce = response; } }); } function callonanybuttonClick(){ if (c_responce == null) {$("[id*=txtCaptcha]").val("");
$("[id*=rfvCaptcha]").show(); return false; } else {$("[id*=txtCaptcha]").val(c_responce);
$("[id*=rfvCaptcha]").hide(); return true; } }  <div id="dvCaptcha" class="captchdiv"></div> <asp:TextBox ID="txtCaptcha" runat="server" Style="display: none" /> <label id="rfvCaptcha" style="color:red;display:none;font-weight:normal;">Captcha validation is required.</label>  Captcha validation is required. ## The Answer 14 -2 people think this answer is useful <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title></title> <script src='https://www.google.com/recaptcha/api.js'></script> <script type="text/javascript"> function get_action() { var v = grecaptcha.getResponse(); console.log("Resp" + v); if (v == '') { document.getElementById('captcha').innerHTML = "You can't leave Captcha Code empty"; return false; } else { document.getElementById('captcha').innerHTML = "Captcha completed"; return true; } } </script> </head> <body> <form id="form1" runat="server" onsubmit="return get_action();"> <div> <div class="g-recaptcha" data-sitekey="6LeKyT8UAAAAAKXlohEII1NafSXGYPnpC_F0-RBS"></div> </div> <%-- <input type="submit" value="Button" />--%> <asp:Button ID="Button1" runat="server" Text="Button" /> <div id="captcha"></div> </form> </body> </html>  It will work as expected. ## The Answer 15 -2 people think this answer is useful The Google reCAPTCHA version 2 ASP.Net allows validating the Captcha response on the client side using its Callback functions. In this example, the Google new reCAPTCHA will be validated using ASP.Net RequiredField Validator. <script type="text/javascript"> var onloadCallback = function () { grecaptcha.render('dvCaptcha', { 'sitekey': '<%=ReCaptcha_Key %>', 'callback': function (response) {$.ajax({
type: "POST",
data: "{response: '" + response + "'}",
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (r) {
var captchaResponse = jQuery.parseJSON(r.d);
$("[id*=txtCaptcha]").val(captchaResponse.success);$("[id*=rfvCaptcha]").hide();
} else {
$("[id*=txtCaptcha]").val("");$("[id*=rfvCaptcha]").show();
var error = captchaResponse["error-codes"][0];
}
}
});
}
});
};
</script>

<asp:TextBox ID="txtCaptcha" runat="server" Style="display: none" />