5 answers
Thank you to Lori for a solution that worked for a while. However, validating client-side isn't secure and there are bots dumping spam into our Org again. I think the bot is simply populating the response variable, allowing the button to be enabled and clicked again. Or perhaps the bot is skipping that altogether and invoking a click event without the button being enabled. Either way, Salesforce NEEDS to solve this problem so that we can validate against the server.