{# Contact page — live Phase 5 form. POSTs to /contact. Honeypot + hCaptcha + SlowAPI rate-limit protect the endpoint. Every field carries an id/label pair for a11y and a maxlength/minlength to match the server-side validator — the HTML5 attributes are a UX hint only, not the security boundary. Honeypot: - The ``website`` field is wrapped in a .visually-hidden container marked ``aria-hidden="true"`` so assistive tech hides it too. - It is NOT ``required`` and has ``tabindex="-1"`` so a keyboard user can't accidentally focus it. - The server rejects any submission where the field is non-empty. hCaptcha: - When ``hcaptcha_site_key`` is truthy the widget div + script tag render. When empty (dev) we skip them and rely on the dev-mode fallback in :class:`HCaptchaService`. Context: - contact_email : str | None (from settings.admin_contact_email) - active_nav : "contact" - errors : dict[str, str] (field_name -> message) - form : dict[str, str] (prior submitted values) - form_error : str | None (top-level error banner) - hcaptcha_site_key : str | None (rendered when truthy) #} {% extends "public/base.html" %} {% block title %}Contact — Chicken Babies R Us{% endblock %} {% block meta_description %}Get in touch with Chicken Babies R Us.{% endblock %} {% block content %}

Get in touch

We'd love to hear from you — questions about the birds, availability, or just to say hi.

{% if contact_email %}

Prefer email? Reach us at {{ contact_email }}.

{% endif %} {% if form_error %} {% endif %}
{# Honeypot — visually hidden + aria-hidden so neither sighted users nor screen readers encounter it. Bots fill it in and get silently filed as spam. #}
{% if errors and errors.name %} {% endif %}
{% if errors and errors.email %} {% endif %}
{% if errors and errors.message %} {% endif %}
{% if hcaptcha_site_key %}
{% else %} {# hCaptcha disabled in dev — HCaptchaService returns True. #} {% endif %}
{% if hcaptcha_site_key %} {% endif %} {% endblock %}