SpamSafeEmail
While the "fairly" spam-safe email is good, there is an alternative to JavaScript, which as of today can still be turned off or simply not work for some people. This solution encodes the email link and changes the link text into a bot-safe form.
Original code...
Modified code...
if (preg_match("/^.+\@.+$/", $tag))
{
    // If the link text was empty it defaults to the email address itself,
    // so we turn that text into a bot safe format.
    if ($text == $tag)
    {
        $text = htmlspecialchars(str_replace(array('@', '.'), array(' [at] ', ' [dot] '), $text));
    }
    // We then encode the full link
    $mailto = "mailto:";
    $address = htmlspecialchars($tag);
    // Initialise before appending, otherwise PHP raises an undefined-variable notice
    $address_encode = '';
    for ($x = 0; $x < strlen($address); $x++)
    {
        // Percent-encode word characters; '@', '.' and other punctuation stay as they are
        if (preg_match('!\w!', $address[$x]))
        {
            $address_encode .= '%' . bin2hex($address[$x]);
        } else {
            $address_encode .= $address[$x];
        }
    }
    $tag = $mailto . $address_encode;
} else if (!preg_match("/:\/\//", $tag)) {
    // check for protocol-less URLs
    $tag = "http://".$tag; // Very important for XSS (avoid javascript:() hacking)
}
Browsers will see a mail link, and clicking on the link will open the usual mail client, etc. But all the bots will see is a non-email text and an encoded string, and they won't be able to translate it into a mail address.
Text: frank [dot] chestnut [at] postnuke [dot] com∞
source:
<a title="frank [dot] chestnut [at] postnuke [dot] com" href="mailto:%66%72%61%6e%6b.%63%68%65%73%74%6e%75%74@%70%6f%73%74%6e%75%6b%65.%63%6f%6d">frank [dot] chestnut [at] postnuke [dot] com</a> <span class='exttail'>∞</span>
FrankChestnut - 16-04-2006
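The same encoding as a self-contained function, given here as an added example that is not part of the original page or of the wiki's own code. `encode_address()` and `spam_safe_mailto()` are hypothetical names, and the address check is an assumption about what counts as a plain address. It percent-encodes first and HTML-escapes last, then confirms that URL-decoding the href gives back the address.

```php
<?php
// Added example; function names are hypothetical, not part of the wiki code.

// Percent-encode every word character; '@', '.', '-' etc. stay as they are
// (the same rule as the loop on this page).
function encode_address(string $address): string
{
    $out = '';
    $len = strlen($address);
    for ($i = 0; $i < $len; $i++) {
        $c = $address[$i];
        $out .= preg_match('/\w/', $c) ? '%' . bin2hex($c) : $c;
    }
    return $out;
}

function spam_safe_mailto(string $address): string
{
    // Assumption: a plain address has one '@' and no whitespace, quotes,
    // angle brackets, or '?' / '&' (which would add mailto header fields).
    // The D modifier stops '$' from matching before a trailing newline.
    if (!preg_match('/^[^\s@<>"\'?&]+@[^\s@<>"\'?&]+$/D', $address)) {
        throw new InvalidArgumentException('not a plain e-mail address');
    }
    $href = 'mailto:' . encode_address($address);
    $text = str_replace(['@', '.'], [' [at] ', ' [dot] '], $address);
    // HTML-escape last, so entities are never split up by the percent-encoding
    $href = htmlspecialchars($href, ENT_QUOTES, 'UTF-8');
    $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return '<a title="' . $text . '" href="' . $href . '">' . $text . '</a>';
}

$sample = 'frank.chestnut@postnuke.com'; // the address from the sample on this page
$html = spam_safe_mailto($sample);
echo $html, "\n";

// Round trip: the decoding a browser applies before calling the mail client
preg_match('/href="mailto:([^"]+)"/', $html, $m);
$decoded = rawurldecode(html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'));
if ($decoded !== $sample) {
    throw new RuntimeException('encoded link does not decode to the address');
}
echo "round trip ok: $decoded\n";
```

Because a standard URL decode restores the address, the encoding hides it from harvesters that scan pages for literal `user@host` strings, not from ones that decode `href` values first.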
Also: DataBaseAbstraction
CategoryUserContributions