CMS Made Simple Forums

Posted: **Mon Nov 15, 2010 12:46 pm**

CMSMS v1.9
Code:-

{mailto address="m.mouse@wonderland.mil" encode="javascript" subject="What's This For!"}

Generated page source:-

Code: Select all

<__script__ type="text/javascript">eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%2e%6d%6f%75%73%65%40%77%6f%6e%64%65%72%6c%61%6e%64%2e%6d%69%6c%3f%73%75%62%6a%65%63%74%3d%57%68%61%74%25%32%37%73%25%32%30%54%68%69%73%25%32%30%46%6f%72%25%32%31%22%20%3e%6d%2e%6d%6f%75%73%65%40%77%6f%6e%64%65%72%6c%61%6e%64%2e%6d%69%6c%3c%2f%61%3e%27%29%3b'))</__script><a style="" href="mailto:m.mouse@wonderland.mil?subject=What%27s%20This%20For%21">m.mouse@wonderland.mil</a>

Same failure to obscure the email address occurs using javascript_charcode, and hex (with the Subject: attribute removed). Single or double quotes makes no difference (double quotes needed for Subject: due to spaces).

No mention of this problem on Smarty.net - the documentation there (copied into the documentation on this site) has the important parts of the generated source snipped.

Posted: **Tue May 10, 2011 7:33 pm**

I wanted to reactivate this post, since there doesn't seem to be any resolution. We're having the same issue - it spits out some script that doesn't seem to do anything, then places the standard href mailto tag afterwards, which is wide open to spam. An example can be found here - each Board member email has been inserted using the Smarty {mailto} tag:
http://www.sitecanada.org/index.php?page=board

And because I always forget this, we're running version 1.9.2. I've also been able to duplicate it on a few other sites of a similar vintage.

Posted: **Thu May 12, 2011 3:14 am**

I've tried this on various servers and it works as intended. I tested it on 1.9.3, 1.9.4.1, and even 1.6.8. Can you paste more of the surrounding template/content, or a link to the live page?

Posted: **Thu May 12, 2011 2:16 pm**

Thanks for the reply. It made me go back and look at the code and results a bit more carefully, and you are correct - it is working.

Seems our reliance on tools like Firebug, and viewing code post-processing, is what led us to believe it wasn't working. If you view the source code from the site in my previous post you can see that the addresses are obscured. If you Inspect it (in say Firebug or with Chrome), you see the processed results, which show both a piece of script and the full link. The same goes for View Selection Source (another shortcut I use too much, apparently!).

This one's solved as far as I'm concerned. Thanks again.

CMS Made Simple Forums

Smarty mailto tag not obscuring email address

Smarty mailto tag not obscuring email address

Re: Smarty mailto tag not obscuring email address

Re: Smarty mailto tag not obscuring email address

[SOLVED] Smarty mailto tag not obscuring email address