Pen Settings



CSS Base

Vendor Prefixing

Add External Stylesheets/Pens

Any URL's added here will be added as <link>s in order, and before the CSS in the editor. If you link to another Pen, it will include the CSS from that Pen. If the preprocessor matches, it will attempt to combine them before processing.

+ add another resource


Babel is required to process package imports. If you need a different preprocessor remove all packages first.

Add External Scripts/Pens

Any URL's added here will be added as <script>s in order, and run before the JavaScript in the editor. You can use the URL of any other Pen and it will include the JavaScript from that Pen.

+ add another resource


Add Packages

We can make npm packages available for you to use in your JavaScript. We use webpack to prepare them and make them available to import or require. We'll also process your JavaScript with Babel.

⚠️ This feature can only be used by logged in users.


Save Automatically?

If active, Pens will autosave every 30 seconds after being saved once.

Auto-Updating Preview

If enabled, the preview panel updates automatically as you code. If disabled, use the "Run" button to update.

Editor Settings

Code Indentation

Want to change your Syntax Highlighting theme, Fonts and more?

Visit your global Editor Settings.

HTML Settings

Here you can Sed posuere consectetur est at lobortis. Donec ullamcorper nulla non metus auctor fringilla. Maecenas sed diam eget risus varius blandit sit amet non magna. Donec id elit non mi porta gravida at eget metus. Praesent commodo cursus magna, vel scelerisque nisl consectetur et.

              <!---------- Successful honeypot ------------->

<form id="form1">
  <label for="fname1">First Name:</label>
  <input type="text" id="fname1" name="fname1" />
  <label for="lname1">Last Name:</label>
  <input type="text" id="lname1" name="lname1" />
  <!-- We hide the honeypot field from human view. If it's filled out then the form is thrown out as spam -->
  <div style="display: none;">
    <label for="honeypot1">If you are human don't fill this out!</label>
    <input type="text" id="honeypot1" name="honeypot1" />
  <input type="submit" />

  Honeypot value is "<span id="honey1-value"></span>" which means it would be filtered by system because it's not empty.

<!---------- Form bypassed by spammer ------------->

<form id="form2">
  <label for="fname2">First Name:</label>
  <input type="text" id="fname2" name="fname2" />
  <label for="lname2">Last Name:</label>
  <input type="text" id="lname2" name="lname2" />
  <div style="display: none;">
    <label for="honeypot2">If you are human don't fill this out!</label>
    <input type="text" id="honeypot2" name="honeypot2" />
  <input type="submit" />

  Honeypot value is "<span id="honey2-value"></span>" so would pass system check because script checks for offsetParent to see if the input is visible.

              const honeypot1 = document.getElementById('honeypot1'),
      honeypot2 = document.getElementById('honeypot2')

// Watch for honeypot changes
honeypot1.addEventListener('change', function() {
  document.getElementById('honey1-value').innerText = this.value

honeypot2.addEventListener('change', function() {
  document.getElementById('honey2-value').innerText = this.value

  Assumption is made that spam automation will do this..

const inputs1 = document.querySelectorAll('#form1 input[type=text]')
for(let input of inputs1) {
  input.value = chance.word()

  But they can escape a honeypot by doing this..

const inputs2 = document.querySelectorAll('#form2 input[type=text]')
for(let input of inputs2) {
  if( input.offsetParent ) 
    input.value = chance.word()

// Trigger change events
honeypot1.dispatchEvent(new Event('change'));
honeypot2.dispatchEvent(new Event('change'));