3

I'm working on Businesss Catalyst Web App right now and I have a serious problem. I need to obfuscate an email field of the Web App. Unfortunately there is no easy way of doing it because all of the info from the web app item is being put on the HTML page without any pre-processing(since we dont have access to the back-end of BC).

Here is my code right now:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>

<script>
    <!--

    function CryptMailto()
    {
        var n = 0;
        var r = "";
        var x = document.getElementById("test");
        var s = "mailto:"+x.value;
        var e = x.value;

        e = e.replace( /@/, " [at] ");
        e = e.replace( /\./g, " [dot] ");

        for( var i=0; i < s.length; i++ )
        {
            n = s.charCodeAt( i );
            if( n >= 8364 )
            {
                n = 128;
            }
            r += String.fromCharCode(n+1);
        }

        return "<a href=\"javascript:linkTo_UnCryptMailto('"+ r +"');\">"+ e +"</a>";
    }

    function UnCryptMailto( s )
    {
        var n = 0;
        var r = "";
        for( var i = 0; i < s.length; i++)
        {
            n = s.charCodeAt( i );
            if( n >= 8364 )
            {
                n = 128;
            }
            r += String.fromCharCode( n - 1 );
        }
        return r;
    }

    function linkTo_UnCryptMailto( s )
    {
        location.href=UnCryptMailto( s );
    }
    // -->
</script>


</head>

<body>


<input style = "" id = "test" type = "text" value = "test@gmail.com" />

<script>document.write(CryptMailto());</script>

</body>
</html>

Now the problem is that the hidden field can still be viewed through "View Source".

Is there a way to pre-process a field before it gets onto the front page?

Kalvin Klien
  • 911
  • 1
  • 12
  • 32

3 Answers3

3

Although not entirely what you want, you could output the email on a different page (with checks to redirect to the homepage if not being called from specific page) and then Ajax the email in. This would not show up in the view source but in some browsers would show up in the inspect element (chrome/Firefox) as these tend to show the updated code. Again, not ideal but makes it a bit harder for someone to grab the email.

UPDATE If you wanted to take it a step further, once you AJAX the email into a container on your page, store in javascript variable and then replace the content of the container you dumped you AJAX results into with something else, so if someone was to inspect the output of that region, it will have been replaced with your dummy text (or blank).

Michael Sallander
  • 103
  • 5
  • I have an update to this answer. Thanks to liquid we have more control over the backend and this is much easier. The short answer is, using liquid, automatically convert the @ sign in email addresses to /at/ so the email does not appear in source code. Then use javascript to replace the /at/ with @ in the mailto and display for the user. For more details, we do have a tutorial that goes over the implementation: http://www.bcacademe.com/tutorials/output-email-addresses-without-the-spam – Michael Sallander Nov 16 '15 at 17:06
1

I talked to BC support and basically there is no way of doing this since it`s a sandbox CMS:(

Kalvin Klien
  • 911
  • 1
  • 12
  • 32
0

In the past, I've allowed the customer to enter a pre-obfuscated email link directly into a field in the webapp.

I think this is the only solution in your case.

Then, provide the client with a link to a tool to obfuscate the email such as http://www.albionresearch.com/misc/obfuscator.php

Neido
  • 181
  • 7