Protecting e-mail address in XHTML

[Kerberos]

I have XHTML pages that I deliver as application/xhtml+xml
I used to have a Javascript that hid an e-mail address from spam bots, but
displayed properly the e-mail address on web browsers.
How would you show an e-mail address in the browser but protecting it from
spam bots?
What works for text/html doesn't for application/xhtml+xml, such as
document.write...
Do you have a solution?
Thanks,

--

Kerberos.

http://www.opera.com
http://www.freebsd.org
http://www.auriance.com
http://www.osresources.com
http://exodus.jabberstudio.org

 

[Andy Dingley]

I have XHTML pages that I deliver as application/xhtml+xml

Well stop it ! (read Appendix C or c.i.w.a.h )

I used to have a Javascript that hid an e-mail address from spam bots, but
displayed properly the e-mail address on web browsers.

So your problem is nothing to do with email addresses at all, and is
really to do with how to embed JavaScript inside XHTML, without it
being non-well-formed XML.

Either hold the JavaScript in an external document, or use a CDATA
section.

 

[Kerberos]

Either hold the JavaScript in an external document, or use a CDATA
section.

I created a page with an embedded JS protected by CDATA. The page is sent
with MIME type application/xhtml+xml:
http://www.auriance.com/clientes/cpe/essai2.php
It works fine with Opera, IE (sent as text/html in this case), but with
Firefox it won't show the email address.

--

Kerberos.

http://www.opera.com
http://www.freebsd.org
http://www.auriance.com
http://www.osresources.com
http://exodus.jabberstudio.org

 

[Martin Honnen]

Kerberos wrote:

I created a page with an embedded JS protected by CDATA. The page is
sent with MIME type application/xhtml+xml:
http://www.auriance.com/clientes/cpe/essai2.php
It works fine with Opera, IE (sent as text/html in this case), but with
Firefox it won't show the email address.

With Mozilla/Firefox and Opera you can't use document.write in
application/xhtml+xml.
With Mozilla/Firefox you can't use innerHTML either with that content type.
Here is an example to solve the task using DOM scripting:
<http://home.arcor.de/martin.honnen/javascript/200412/test2004122302.xhtml>

I am not sure however that approach to the email harvesting protection
is a viable one but perhaps you can use the script code.

 

[Andy Dingley]

http://www.auriance.com/clientes/cpe/essai2.php

Why not post this to c.i.w.a.h instead ? The script author is a
regular poster there.

 

[Andy Dingley]

I created a page with an embedded JS protected by CDATA.

Your script is built out of dodgy IE-specific JScript.

e.innerHTML = "<a href=\"mailto:" + address + "\">" + address +
"</a>";


I haven;'t looked closely, but I think Opera supports this, Mozilla /
Firefox don't (sadly). You can achieve similar results in a compliant
manner, but with a _lot_ more code -- you'd need to create a <link>
element as a JavaScript object with document.createElement() and then
insert it into the HTML document with HTMLDomElement.appendChild()

 

[Kerberos]

Here is an example to solve the task using DOM scripting:
<http://home.arcor.de/martin.honnen/javascript/200412/test2004122302.xhtml>

At last! Thanks, it's working on "major" browsers, including Opera that I
use as default browser.
Take care,

--

Kerberos.

http://www.opera.com
http://www.freebsd.org
http://www.auriance.com
http://www.osresources.com
http://exodus.jabberstudio.org

 

[Randal L. Schwartz]

Kerberos> How would you show an e-mail address in the browser but protecting it
Kerberos> from spam bots?

Please <a href="mailto:[email protected]">send
mail to me at <tt>[email protected]</tt></a> and I'll reply.

That's sufficient for today's bots. Unlikely need to change, because
there's SOO many low hanging fruit there. No Javascript required. Nothing
fancy. Just replace the @ with @ and you're done.

Spammers do *not* de-entitize. This has been observed repeatedly. There's
no point in working harder than you must.

 

[David Håsäther]

Spammers do *not* de-entitize. This has been observed repeatedly.

If you have a report or similar saying that, I would be interested in
reading it (sounds like I don't believe you, I know, but that's not the
case