عربي | Deutsch | English | Español | français | italiano | Nederlands

290 Plugins, 198 contribs On SPIP-Zone, 98 visitors now

Home > Interactivité, échanges > Antispam Solutions > Hiding email addresses

Hiding email addresses

14 December 2004 – by paolo – commentaires

3 Votes

Two methods of hiding email addresses in Spip’s text fields from spam robots

On our site we need to publish some contact lists which include email addresses. In order to avoid the “harvesting” of these addresses by spam robots they need to be hidden in some way. Here are two ways of doing this, which (I hope) are adequately secure.

Both methods make use of the apres_propre “entry point”, which is provided in Spip from version 1.7 onward, to intercept the text stream.

I should say that this whole contribution comes with a Health Warning attached: I do not know a lot about PHP, and the Regular Expressions here are among the first I have written (they may well be the last, too...).

Method 1

In the file ecrire/mes_options.php3 (create this file if it does not already exist), place these lines (making the change noted at point 3):

How does it work?

1. First, we look for all the instances of mailto: and match the following characters up until the next inverted commas, space or closing angle bracket, and count that as an email link.

Next the link (which may of course contain capital letters) is forced to lower-case. At the same time a “tip” is added to the link. When the visitor to the page clicks on the link, this text will be inserted into the body of the new email telling them what to do in order to make the email address valid.

2. The @ is replaced with the replacement string which is defined at the beginning of the function and which you can change according to taste. Here, I’ve chosen a capital M. As the link contains only lower-case letters this will be easy for the visitor to see to replace, but hopefully incomprehensible for robots.

3. Mail robots apparently usually look for the text “mailto:” so it makes sense to change it a bit. To make it a bit more confusing the string of entities uses a mixture of hex and decimal encoding.

4. This next regular expression checks if between a closing angle bracket and a </a there is an @ character anywhere. This will usually be indicative of an email address having been given as the text of a link. So this text is converted in the same way. It would be possible to just change this text to something like “Send email” - as is done in the second method.

Advantages of this method

-  It will be (I think) good at hiding the addresses from robots.

-  Unlike Spip’s default |antispam filter, it will not convert every @ sign in the text, but just the ones in email links (so you can still write sentences like: “C U @ 9”, she texted to her friend - ok, no great advantage!)

-  The spaces in the email address produced by the default |antispam filter produces quirky effects in some email software when the email links are clicked. This allows you to avoid that.

Disadvantage of this method

-  It’s tiresome for the person clicking on the link to have to correct it manually.

Method 2

In the file ecrire/mes_options.php3 (create this file if it does not already exist), place these lines:

Then, in the <head> section of the templates where text with emails may appear place these lines:

Alternatively, you can of course put this function in a separate .js file and link your templates to it using a line like this:

<script type="text/javascript" src="mes_scripts.js"></script>

How does it work?

The function matches strings beginning with mailto: until it finds a pair of inverted commas. So it is important that the email links be well formed with the href attribute enclosed in double inverted commas (email links made with Spip’s shortcut are like this).

Then the email link is jumbled up by assigning bits of it to different attributes.
So a link that contains
<a href="me@nowhere.net" ...
is transformed into
<a href="#" name="nowhere.net" title="me" onClick="location.href = dolink(this.title, this.name); return false;" ...

The email is only decoded when a visitor clicks on the link.

If the text of a link contains an @ the whole text is replaced; in this case by the word [Email].

Advantages of this method

-  All the advantages of the first method, plus

-  The link works when it is clicked and doesn’t need correcting manually.

Disadvantage of this method

-  The link will only work if the visitor has a browser with Javascript. Otherwise they will not be able to get at the email address at all.


Note (June 2005): This contrib has now been superseded by “Un système antispam”, published in French.

updated on 25 January 2007

Back to top

Your comments

  • On 29 December 2004 at 11:20, by tibo Replying to: > Hiding email addresses

    I also created my personnal hiding method. It’s a mix of your 2 methods and some salt.

    The code is designed for french sites but you can update it. If you are interested for the code, ask me.

    • On 3 January 2005 at 15:40, by ? Replying to: > Hiding email addresses

      Cela me semble bon! J’ai aussi dévelopé mes idées un peu après avoir écrit cette contrib.


    Reply to this message

Comment on this article

Who are you?
  • [Log in]

To show your avatar with your message, register it first on gravatar.com (free et painless) and don’t forget to indicate your Email addresse here.

Enter your comment here Les choses à faire avant de poser une question (Prolégomènes aux rapports de bugs. )
Add a document

Back to top

Here they're talking

  • (fr) Mediabox avec texte

    30 mars 2015 – 19 commentaires

    Tout pareil que la Mediabox de SPIP sauf qu’on affiche le titre entier et la description entière de l’image dans l’agrandissement de l’image. La présence simultanée de texte et image n’est pas forcément évidente à réaliser dans un agrandissement (...)

  • (fr) Simple Calendrier v2

    25 février 2016 – 27 commentaires

    Il s’agit de la version pour SPIP 3 du plugin Simple Calendrier. Le plugin « simple calendrier » permet de gérer des évènements en ajoutant un nouvel objet éditorial dans l’administration de votre site SPIP. Il peut constituer une alternative au plugin (...)

  • (fr) Installation de SoyezCréateurs

    24 juin 2009 – 168 commentaires

    SoyezCréateurs est un squelette très paramétrable, multi-usages, RWD et accessible (WCAG/RGAA). Créé à l’origine pour SPIP 1.6 en 2003, il a évolué avec SPIP et est parfaitement adapté à SPIP 3.2 ! Installation Le squelette SoyezCreateurs est un (...)

  • (fr) Adaptive Images

    15 novembre 2013 – 83 commentaires

    Un plugin pour permettre aux sites responsive d’adapter automatiquement les images de la page à l’écran de consultation. Adaptive Images, que l’on pourrait traduire par Images adaptatives, désigne la pratique qui vise à adapter les taille, (...)

  • (fr) Polyhiérarchie

    14 juillet 2009 – 188 commentaires

    Ce plugin permet de rattacher un article ou une rubrique à plusieurs rubriques parentes.