Comments on: JavaScript “Protection:” Don't Fall for it!

By: Weblog Tools Collection » WP Plugin: Encrypted contact forms

Weblog Tools Collection » WP Plugin: Encrypted contact forms — Tue, 28 Nov 2006 13:44:41 +0000

[...] You should Google: http://neosmart.net/blog/archives/193 Comment by Already been Broken 11/28/2006 @ 4:29 am [...]

By: Zirona :: OpenSource Consulting » Blog-Artikel » Verschlüsselte Kontaktformulare für WordPress

Tue, 28 Nov 2006 13:17:04 +0000

[...] http://neosmart.net/blog/archives/193 [...]

By: ha.ckers.org web application security lab - Archive » Spam-me-not Obfuscation

Mon, 23 Oct 2006 18:39:19 +0000

[...] I don’t know if you’ve googled this or not, but there’s a very interesting article on this same topic on NeoSmart Technologies: http://neosmart.net/blog/archives/193 [...]

By: Do. - Want to hide your email address?

Do. - Want to hide your email address? — Fri, 18 Aug 2006 18:05:01 +0000

[...] Pain in the arse. Bill Posters Says…Aug 10th 2006 edited Fwiw™…JavaScript “Protection:” Don’t Fall for it! (June, 2006)Seems that email link protection has finally gone the way of ‘image protection’ – in that all the misguided schemes that are often employed to (try to) achieve that can more or less be boiled down to one simply rule – if you don’t want it taken by twats/bots, don’t publish it on t’interweb.+http://linux.oldcrank.com/tips/antibot/Only scanned it, but it looks as though it could potentially be useful reading. Phil Says…Aug 10th 2006 You mean to tie it into a directory of users, for example?Kinda, but more that if you fill in a comment in a blog, or enter an email address in an article in a CMS, that upon submission of the form, it does the translation to a TinyLink and stores that in the DB. [...]

By: Michael Greenberg

Michael Greenberg — Tue, 04 Jul 2006 09:32:40 +0000

I've posted a small response to your post on Weaselhat, the home of PHPEnkoder. I think you're mostly right that client-side hiding is infeasible, but I also feel you should take a closer look at some of the options and possibilities.

By: Antonio Bueno

Antonio Bueno — Thu, 29 Jun 2006 19:10:17 +0000

I mostly agree with you: any “protection” script just makes the e-mail harvesting slightly less easy. With the current Javascript engines at hand, there’s little you can do to protect your address. The only real protection is on the (e-mail) server side.

For example, go to the Enkoder’s author contact page (”Enkoder protected” ):
http://hivelogic.com/contact
and write this in the address bar:
javascript:alert(document.getElementsByTagName("a")[2].href)

And that’s not counting on someone not liking you and spreading your address everywhere

So, unless you just want to avoid the naïve e-mail harvesters (perfectly valid option), forget about e-mail protection (not only javascript-based).

Code fixed by NST – caused by XSS protection