While the "fairly" spam-safe email is good, there is an alternative to JavaScript, which as of today can still be turned off or simply not work for some people. This solution encodes the email link and changes the text into bot-safe text.

Original code...
// check for email addresses
if (preg_match("/^.+\@.+$/", $tag))
    $url = "mailto:".$tag;

Modified code...
if (preg_match("/^.+\@.+$/", $tag)) {
    // If the text was empty and defaulted to the email address, turn the
    // address into a bot-safe format.
    if ($text == $tag) {
        $text = htmlspecialchars(str_replace(array('@', '.'), array(' [at] ', ' [dot] '), $text));
    }
    // We then encode the full link
    $mailto = "mailto:";
    $address = htmlspecialchars($tag);
    $address_encode = '';
    for ($x = 0; $x < strlen($address); $x++) {
        // Percent-encode letters and digits; '@', '.' and other
        // punctuation stay literal (see the sample output below).
        if (ctype_alnum($address[$x])) {
            $address_encode .= '%' . bin2hex($address[$x]);
        } else {
            $address_encode .= $address[$x];
        }
    }
    $tag = $mailto . $address_encode;
} else if (!preg_match("/:\/\//", $tag)) {
    // check for protocol-less URLs
    $tag = "http://".$tag;  // Very important for XSS (avoid javascript:() hacking)
}

Browsers will see a mail link; clicking on the link will open the usual mail client, etc. But all the bots will see is non-email text and an encoded string, and they won't be able to translate it into an email address.

Text: frank [dot] chestnut [at] postnuke [dot] com∞
<a title="frank [dot] chestnut [at] postnuke [dot] com" href="mailto:%66%72%61%6e%6b.%63%68%65%73%74%6e%75%74@%70%6f%73%74%6e%75%6b%65.%63%6f%6d">frank [dot] chestnut [at] postnuke [dot] com</a> <span class='exttail'>∞</span>

FrankChestnut - 16-04-2006
Also: DataBaseAbstraction
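
A self-contained version of the technique above, added here as an example (it is not part of the original page or of WikkaWiki's code). The helper name obfuscate_mailto() and the sample address are constructed; unlike the snippet above, it percent-encodes the raw address first and HTML-escapes last, so an '&' in the address is not mangled, and it checks that the href still decodes to the original address.

```php
<?php
// Added example; obfuscate_mailto() is a hypothetical helper name.

function obfuscate_mailto(string $address, ?string $text = null): string
{
    // Visible text: default to the address with '@' and '.' spelled out.
    if ($text === null || $text === $address) {
        $text = str_replace(array('@', '.'), array(' [at] ', ' [dot] '), $address);
    }

    // Percent-encode letters and digits byte by byte; leave '@' and '.'
    // literal as on the page, and let rawurlencode() handle anything else
    // (spaces, '&', quotes) so the href stays a valid URL.
    $encoded = '';
    for ($i = 0; $i < strlen($address); $i++) {
        $c = $address[$i];
        if (ctype_alnum($c)) {
            $encoded .= '%' . bin2hex($c);
        } elseif ($c === '@' || $c === '.') {
            $encoded .= $c;
        } else {
            $encoded .= rawurlencode($c);
        }
    }

    // HTML-escape last, once, for both attribute and text contexts.
    $safeText = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return sprintf('<a title="%s" href="mailto:%s">%s</a>',
        $safeText, htmlspecialchars($encoded, ENT_QUOTES, 'UTF-8'), $safeText);
}

// Constructed sample input.
$address = 'alice.o&b@example.org';
$html = obfuscate_mailto($address);
echo $html, "\n";

// Round-trip check: undo the HTML escaping and percent-decoding the way a
// browser does, and confirm the mail client would get the original address.
preg_match('/href="mailto:([^"]*)"/', $html, $m);
$decoded = rawurldecode(html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'));
var_dump($decoded === $address);
```

Because the round trip is two standard decoding steps, this is obfuscation against simple pattern-matching harvesters, not a way to keep the address secret.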
