The more I think about the more the idea of using the SaveOptions field at all is just plain bad. Unless, that is, you're 100% sure it's spam. using HTTP_Referer and SaveOptions is a no for me. It's just too likely you're going to get false positives and users lose all the text they just typed in.
Much better to use an "Approved" field filter it manually in the backend.
The more I think about the more the idea of using the SaveOptions field at all is just plain bad. Unless, that is, you're 100% sure it's spam. using HTTP_Referer and SaveOptions is a no for me. It's just too likely you're going to get false positives and users lose all the text they just typed in.
Much better to use an "Approved" field filter it manually in the backend.