Not really a coding question, more theoretical and code is not needed as I know how to do it, but I'm not sure where else to ask this.
I have an idea for preventing spam bots from seeing that I have a form, but I cannot test this in local code. Can I just make the form completely javascript generated, and then write it to the inner html of a tag after a one second timeout? Seems too easy so there must be some reason why this wouldn't work. I can't find where anybody tried this and tested it for a while so I don't know if it will work or not.
So based on what anybody knows about how bots work, can they still see that I have a form, especially if the js is obfuscated? I would think that the bot would never wait around to receive this or detect the change in the html, but would it find the form in obfuscated js?
Google's search spider claims that it can run some/most JavaScript when it evaluates a page, so I think it is reasonable to expect that at least some spam bots can do this now, and more so in the future.
Additionally, some spam bots are actually real people working for a pittance, using real browsers, so overall this will not work in the long term.