#599 √ invalid
Kristopher Murata

Preventing spam in email profile

Reported by Kristopher Murata | June 28th, 2008 @ 01:44 PM

I noticed that the email field in the profile automatically converts its contents to a link (mailto or http), so when I tried changing my email to something like "email at gmail dot com" to prevent inconvenient spam, a link appeared: "http://email%20at%20gmail%20dot%20com".

I would suggest sanitizing the content to verify that it's really an email and then converting it to a mailto link (same for a URL, but converted into an http link); otherwise, just keep the content in plain text. What do you think?

Example: http://github.com/krs/

Comments and changes to this ticket

  • PJ Hyett

    PJ Hyett June 28th, 2008 @ 02:41 PM

      • → State changed from “new” to “invalid”

    The email is encoded via javascript, so it can't be scraped from the page (at least very easily).

    chris@ozmm.org turns into the following when viewing the source:

    eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%63%6c%61%73%73%3d%22%65%6d%61%69%6c%22%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%63%68%72%69%73%40%6f%7a%6d%6d%2e%6f%72%67%22%20%69%64%3d%22%70%72%6f%66%69%6c%65%5f%65%6d%61%69%6c%22%3e%63%68%72%69%73%40%6f%7a%6d%6d%2e%6f%72%67%3c%2f%61%3e%27%29%3b'))

  • Kristopher Murata

    Kristopher Murata June 28th, 2008 @ 03:25 PM

    I see, it's more complicated than I thought. However, thank you for changing the email on my profile.
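
The reporter's suggestion (validate the field, link it only if it is an email or URL, otherwise keep plain text) combined with the encoding shown in PJ Hyett's comment, as an added example that is not part of the ticket and not GitHub's code. The function names, the regular expressions and the `<script>` wrapper are assumptions.

```javascript
// Added example, not GitHub's code. Patterns are deliberately conservative
// assumptions for this sketch, not full RFC 5322 / RFC 3986 grammars.
const EMAIL_RE = /^[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;
const URL_RE = /^https?:\/\/[^\s<>"']+$/i;

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Decide how the profile field should be treated.
function classifyContact(value) {
  const v = value.trim();
  if (EMAIL_RE.test(v)) return 'email';
  if (URL_RE.test(v)) return 'url';
  return 'text';
}

// Percent-encode every character (input is ASCII here, guaranteed by EMAIL_RE).
function percentEncodeAll(s) {
  return Array.from(s, (c) => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
}

// Build the eval(unescape('...')) form shown in the ticket for a validated email.
function obfuscateEmailLink(email) {
  const link = `<a class="email" href="mailto:${email}" id="profile_email">${email}</a>`;
  const js = `document.write('${link}');`;
  return `eval(unescape('${percentEncodeAll(js)}'))`;
}

// Render the field: obfuscated mailto link, plain http(s) link, or escaped text.
function renderContact(value) {
  const v = value.trim();
  switch (classifyContact(v)) {
    case 'email':
      return `<script>${obfuscateEmailLink(v)}</script>`; // <script> wrapper is assumed
    case 'url':
      return `<a href="${escapeHtml(v)}">${escapeHtml(v)}</a>`;
    default:
      return escapeHtml(v); // e.g. "email at gmail dot com" stays plain text
  }
}

console.log(renderContact('email at gmail dot com'));
console.log(renderContact('http://github.com/krs/'));
console.log(renderContact('chris@ozmm.org'));
```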
