Protecting e-mail address in XHTML

Discussion in 'XML' started by Kerberos, Dec 22, 2004.

  1. Kerberos

    Kerberos Guest

    I have XHTML pages that I deliver as application/xhtml+xml
    I used to have a Javascript that hid an e-mail address from spam bots, but
    displayed properly the e-mail address on web browsers.
    How would you show an e-mail address in the browser but protecting it from
    spam bots?
    What works for text/html doesn't for application/xhtml+xml, such as
    document.write...
    Do you have a solution?
    Thanks,

    --

    Kerberos.

    http://www.opera.com
    http://www.freebsd.org
    http://www.auriance.com
    http://www.osresources.com
    http://exodus.jabberstudio.org
    Kerberos, Dec 22, 2004
    #1
    1. Advertising

  2. Kerberos

    Andy Dingley Guest

    On Wed, 22 Dec 2004 19:34:33 -0200, Kerberos <> wrote:

    >I have XHTML pages that I deliver as application/xhtml+xml


    Well stop it ! (read Appendix C or c.i.w.a.h )

    >I used to have a Javascript that hid an e-mail address from spam bots, but
    >displayed properly the e-mail address on web browsers.


    So your problem is nothing to do with email addresses at all, and is
    really to do with how to embed JavaScript inside XHTML, without it
    being non-well-formed XML.

    Either hold the JavaScript in an external document, or use a CDATA
    section.
    --
    Smert' spamionam
    Andy Dingley, Dec 23, 2004
    #2
    1. Advertising

  3. Kerberos

    Kerberos Guest

    Em Thu, 23 Dec 2004 01:36:33 +0000, Andy Dingley <>
    escreveu:

    > Either hold the JavaScript in an external document, or use a CDATA
    > section.


    I created a page with an embedded JS protected by CDATA. The page is sent
    with MIME type application/xhtml+xml:
    http://www.auriance.com/clientes/cpe/essai2.php
    It works fine with Opera, IE (sent as text/html in this case), but with
    Firefox it won't show the email address.

    --

    Kerberos.

    http://www.opera.com
    http://www.freebsd.org
    http://www.auriance.com
    http://www.osresources.com
    http://exodus.jabberstudio.org
    Kerberos, Dec 23, 2004
    #3
  4. Kerberos wrote:


    > I created a page with an embedded JS protected by CDATA. The page is
    > sent with MIME type application/xhtml+xml:
    > http://www.auriance.com/clientes/cpe/essai2.php
    > It works fine with Opera, IE (sent as text/html in this case), but with
    > Firefox it won't show the email address.


    With Mozilla/Firefox and Opera you can't use document.write in
    application/xhtml+xml.
    With Mozilla/Firefox you can't use innerHTML either with that content type.
    Here is an example to solve the task using DOM scripting:
    <http://home.arcor.de/martin.honnen/javascript/200412/test2004122302.xhtml>

    I am not sure however that approach to the email harvesting protection
    is a viable one but perhaps you can use the script code.

    --

    Martin Honnen
    http://JavaScript.FAQTs.com/
    Martin Honnen, Dec 23, 2004
    #4
  5. Kerberos

    Andy Dingley Guest

    Andy Dingley, Dec 23, 2004
    #5
  6. Kerberos

    Andy Dingley Guest

    On Thu, 23 Dec 2004 09:49:21 -0200, Kerberos <> wrote:

    >I created a page with an embedded JS protected by CDATA.


    Your script is built out of dodgy IE-specific JScript.

    e.innerHTML = "<a href=\"mailto:" + address + "\">" + address +
    "</a>";


    I haven;'t looked closely, but I think Opera supports this, Mozilla /
    Firefox don't (sadly). You can achieve similar results in a compliant
    manner, but with a _lot_ more code -- you'd need to create a <link>
    element as a JavaScript object with document.createElement() and then
    insert it into the HTML document with HTMLDomElement.appendChild()

    --
    Smert' spamionam
    Andy Dingley, Dec 23, 2004
    #6
  7. Kerberos

    Kerberos Guest

    Kerberos, Dec 23, 2004
    #7
  8. >>>>> "Kerberos" == Kerberos <> writes:

    Kerberos> How would you show an e-mail address in the browser but protecting it
    Kerberos> from spam bots?

    Please <a href="mailto:">send
    mail to me at <tt></tt></a> and I'll reply.

    That's sufficient for today's bots. Unlikely need to change, because
    there's SOO many low hanging fruit there. No Javascript required. Nothing
    fancy. Just replace the @ with @ and you're done.

    Spammers do *not* de-entitize. This has been observed repeatedly. There's
    no point in working harder than you must.

    --
    Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
    <> <URL:http://www.stonehenge.com/merlyn/>
    Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
    See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
    Randal L. Schwartz, Dec 24, 2004
    #8
  9. Randal L. Schwartz <> wrote:

    > Spammers do *not* de-entitize. This has been observed repeatedly.


    If you have a report or similar saying that, I would be interested in
    reading it (sounds like I don't believe you, I know, but that's not the
    case :)

    --
    David Håsäther
    David Håsäther, Dec 24, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    7
    Views:
    884
  2. chronos3d
    Replies:
    9
    Views:
    776
    Andy Dingley
    Dec 5, 2006
  3. Usha2009
    Replies:
    0
    Views:
    1,133
    Usha2009
    Dec 20, 2009
  4. xhtml champs
    Replies:
    0
    Views:
    527
    xhtml champs
    Aug 1, 2011
  5. newbie
    Replies:
    2
    Views:
    237
    newbie
    Mar 3, 2004
Loading...

Share This Page