[pmwiki-users] Trivial eProtect suggestion

Simon s-i-m-o-n at paradise.net.nz
Tue May 17 05:53:00 CDT 2005

For action=edit
is it possible for a script (cf the edit scripts) to unmunge the email 
address on the client once it is in the textarea?

For action=source
I'd suggest either disabling it,
or munging it as it is generated
eg mailto:foo.bar at foobar.com to mail to foo (dot) bar (at) foorbar (dot) com

Patrick R. Michaud wrote:

>On Sun, May 08, 2005 at 12:10:02PM +1200, Simon wrote:
>>The best way to protect email addresses properly is to only build them
>>on the client side using a script.
>>(email harvesters are unlikely to go to effort of interpreting a javascript)
>>For a trivial eProtect I'd like to have
>>* PmWiki generate a call to a javascript routine for every mailto link it 
>>* I don't want to see them munged in the wiki.d files, and simply
>>changing them to character entities may help, but is really trivial to
>>overcome and provides no protection!
>If you don't munge the addresses in the wiki.d/ files, then address
>harvesters can grab the cleartext addresses via ?action=edit or
>?action=source (unless you have those password protected somehow).
>Or, you have to be sure to munge them when displaying those forms,
>which basically amounts to same thing as munging them in the wiki.d/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20050517/36a3ef72/attachment.html 

More information about the pmwiki-users mailing list