Smarty mailto tag not obscuring email address

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
Post Reply
User avatar
SMF
Forum Members
Forum Members
Posts: 13
Joined: Mon Oct 11, 2010 12:17 pm
Location: behind the keyboard

Smarty mailto tag not obscuring email address

Post by SMF »

CMSMS v1.9
Code:-

Code: Select all

{mailto address="m.mouse@wonderland.mil" encode="javascript" subject="What's This For!"}
Generated page source:-

Code: Select all

<__script__ type="text/javascript">eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%2e%6d%6f%75%73%65%40%77%6f%6e%64%65%72%6c%61%6e%64%2e%6d%69%6c%3f%73%75%62%6a%65%63%74%3d%57%68%61%74%25%32%37%73%25%32%30%54%68%69%73%25%32%30%46%6f%72%25%32%31%22%20%3e%6d%2e%6d%6f%75%73%65%40%77%6f%6e%64%65%72%6c%61%6e%64%2e%6d%69%6c%3c%2f%61%3e%27%29%3b'))</__script><a style="" href="mailto:m.mouse@wonderland.mil?subject=What%27s%20This%20For%21">m.mouse@wonderland.mil</a>
Same failure to obscure the email address occurs using javascript_charcode, and hex (with the Subject: attribute removed). Single or double quotes makes no difference (double quotes needed for Subject: due to spaces).

No mention of this problem on Smarty.net - the documentation there (copied into the documentation on this site) has the important parts of the generated source snipped.
Top
User avatar
tophers
Forum Members
Forum Members
Posts: 218
Joined: Thu Jun 07, 2007 7:25 pm
Location: Calgary, Alberta, Canada

Re: Smarty mailto tag not obscuring email address

Post by tophers »

I wanted to reactivate this post, since there doesn't seem to be any resolution. We're having the same issue - it spits out some script that doesn't seem to do anything, then places the standard href mailto tag afterwards, which is wide open to spam. An example can be found here - each Board member email has been inserted using the Smarty {mailto} tag:
http://www.sitecanada.org/index.php?page=board

And because I always forget this, we're running version 1.9.2. I've also been able to duplicate it on a few other sites of a similar vintage.
Top
User avatar
DIGI3
Dev Team Member
Dev Team Member
Posts: 1785
Joined: Wed Feb 25, 2009 4:25 am
Location: Victoria, BC

Re: Smarty mailto tag not obscuring email address

Post by DIGI3 »

I've tried this on various servers and it works as intended. I tested it on 1.9.3, 1.9.4.1, and even 1.6.8. Can you paste more of the surrounding template/content, or a link to the live page?
Top
User avatar
tophers
Forum Members
Forum Members
Posts: 218
Joined: Thu Jun 07, 2007 7:25 pm
Location: Calgary, Alberta, Canada

[SOLVED] Smarty mailto tag not obscuring email address

Post by tophers »

Thanks for the reply. It made me go back and look at the code and results a bit more carefully, and you are correct - it is working.

Seems our reliance on tools like Firebug, and viewing code post-processing, is what led us to believe it wasn't working. If you view the source code from the site in my previous post you can see that the addresses are obscured. If you Inspect it (in say Firebug or with Chrome), you see the processed results, which show both a piece of script and the full link. The same goes for View Selection Source (another shortcut I use too much, apparently!).

This one's solved as far as I'm concerned. Thanks again.
Top
Post Reply

Return to “CMSMS Core”