عربي | Deutsch | English | Español | français | italiano | Nederlands

291 Plugins, 198 contribs On SPIP-Zone, 115 visitors now

Home > Interactivité, échanges > Antispam Solutions > Hiding email addresses

Hiding email addresses

14 December 2004 – by paolo – commentaires

3 Votes

Two methods of hiding email addresses in Spip’s text fields from spam robots

On our site we need to publish some contact lists which include email addresses. In order to avoid the “harvesting” of these addresses by spam robots they need to be hidden in some way. Here are two ways of doing this, which (I hope) are adequately secure.

Both methods make use of the apres_propre “entry point”, which is provided in Spip from version 1.7 onward, to intercept the text stream.

I should say that this whole contribution comes with a Health Warning attached: I do not know a lot about PHP, and the Regular Expressions here are among the first I have written (they may well be the last, too...).

Method 1

In the file ecrire/mes_options.php3 (create this file if it does not already exist), place these lines (making the change noted at point 3):

How does it work?

1. First, we look for all the instances of mailto: and match the following characters up until the next inverted commas, space or closing angle bracket, and count that as an email link.

Next the link (which may of course contain capital letters) is forced to lower-case. At the same time a “tip” is added to the link. When the visitor to the page clicks on the link, this text will be inserted into the body of the new email telling them what to do in order to make the email address valid.

2. The @ is replaced with the replacement string which is defined at the beginning of the function and which you can change according to taste. Here, I’ve chosen a capital M. As the link contains only lower-case letters this will be easy for the visitor to see to replace, but hopefully incomprehensible for robots.

3. Mail robots apparently usually look for the text “mailto:” so it makes sense to change it a bit. To make it a bit more confusing the string of entities uses a mixture of hex and decimal encoding.

4. This next regular expression checks if between a closing angle bracket and a </a there is an @ character anywhere. This will usually be indicative of an email address having been given as the text of a link. So this text is converted in the same way. It would be possible to just change this text to something like “Send email” - as is done in the second method.

Advantages of this method

-  It will be (I think) good at hiding the addresses from robots.

-  Unlike Spip’s default |antispam filter, it will not convert every @ sign in the text, but just the ones in email links (so you can still write sentences like: “C U @ 9”, she texted to her friend - ok, no great advantage!)

-  The spaces in the email address produced by the default |antispam filter produces quirky effects in some email software when the email links are clicked. This allows you to avoid that.

Disadvantage of this method

-  It’s tiresome for the person clicking on the link to have to correct it manually.

Method 2

In the file ecrire/mes_options.php3 (create this file if it does not already exist), place these lines:

Then, in the <head> section of the templates where text with emails may appear place these lines:

Alternatively, you can of course put this function in a separate .js file and link your templates to it using a line like this:

<script type="text/javascript" src="mes_scripts.js"></script>

How does it work?

The function matches strings beginning with mailto: until it finds a pair of inverted commas. So it is important that the email links be well formed with the href attribute enclosed in double inverted commas (email links made with Spip’s shortcut are like this).

Then the email link is jumbled up by assigning bits of it to different attributes.
So a link that contains
<a href="me@nowhere.net" ...
is transformed into
<a href="#" name="nowhere.net" title="me" onClick="location.href = dolink(this.title, this.name); return false;" ...

The email is only decoded when a visitor clicks on the link.

If the text of a link contains an @ the whole text is replaced; in this case by the word [Email].

Advantages of this method

-  All the advantages of the first method, plus

-  The link works when it is clicked and doesn’t need correcting manually.

Disadvantage of this method

-  The link will only work if the visitor has a browser with Javascript. Otherwise they will not be able to get at the email address at all.


Note (June 2005): This contrib has now been superseded by “Un système antispam”, published in French.

updated on 25 January 2007

Back to top

Your comments

  • On 29 December 2004 at 11:20, by tibo Replying to: > Hiding email addresses

    I also created my personnal hiding method. It’s a mix of your 2 methods and some salt.

    The code is designed for french sites but you can update it. If you are interested for the code, ask me.

    • On 3 January 2005 at 15:40, by ? Replying to: > Hiding email addresses

      Cela me semble bon! J’ai aussi dévelopé mes idées un peu après avoir écrit cette contrib.


    Reply to this message

Comment on this article

Who are you?
  • [Log in]

To show your avatar with your message, register it first on gravatar.com (free et painless) and don’t forget to indicate your Email addresse here.

Enter your comment here Les choses à faire avant de poser une question (Prolégomènes aux rapports de bugs. )
Add a document

Back to top

Here they're talking

  • (fr) Owl Carousel 2

    30 novembre 2017 – 42 commentaires

    Owl Carousel est un diaporama jQuery adaptable aux différentes tailles d’écran, qu’on peut actionner par glisser, il utilise CSS3 mais il est compatible avec les vieux navigateurs, et il est aussi paramétrable. Le présent plugin permet d’utiliser (...)

  • (fr) Formidable, le générateur de formulaires

    23 janvier 2012 – 2531 commentaires

    Un générateur de formulaires facilement configurable pour les non-informaticiens et facilement extensible pour les développeurs. Introduction L’objectif était de créer un plugin permettant de générer des formulaires. Historiquement, 2 plugins (...)

  • (fr) Calendrier Mini 2.0

    19 mai 2012 – 256 commentaires

    Ce plugin ajoute la balise #CALENDRIER_MINI qui insère un petit widget de navigation par mois dans les dates des évènements. Fonctionnement du mini calendrier Le mini calendrier présente un mois à la fois. Les jours du mois comportant des (...)

  • (fr) Paiement avec Formidable

    16 février 2015 – 69 commentaires

    Ce plugin « Paiement avec Formidable » permet d’ajouter une étape de paiement à la fin de la saisie d’un formulaire créé par le plugin Formidable. Il le complète et nécessite par ailleurs le plugin bank qui gère l’interface technique avec les prestataires (...)

  • (fr) citrace : garder une trace de certaines actions

    26 juillet 2013 – commentaire

    L’objectif est de garder une trace, pendant une période déterminée, de qui a effectué quelle action sur le contenu du site et quand. Les objectifs de ce plugin L’objectif est de garder une trace, pendant une période déterminée, de qui a effectué (...)