using regular expression to hide email address from spam bots

Question

i am dynamically rendering multiple email addresses (mail to: ) on a webpage.

i obliviously need to hide these from spam bots.

the simplest solution that i found is this:

<a href="mailto:coxntact@domainx.com" onmouseover="this.href=this.href.replace(/x/g,'');">link</a>

this involves putting a fake characters: "X" within the email address and then removing these once the link is click, copied or pasted.

it works- however the drawback is that it remove all "x"'s from the address. since i cannot guarantee that my dynamically rendered emails will not contain "x" this solution-as is, it not right for me.

a better solution would be to put 3 or more 'X' at the start/end of each email address and then using the above code to remove them once the link is clicked

i.e:

    <a href="mailto:XXXcontact@domain.comXXX"
onmouseover="this.href=this.href.replace(/x/g,'');">link</a>

what i now need to do is use regular expression to THEN remove the first 3 'x' from the email address when its clicked

i tried the below but it did not work:

  <a href="mailto:xxxcontact@domain.comXXX"
onmouseover="this.href=this.href.replace(^[\s\S]{0,3});">link</a>

Usually, for this purpose, rarely used symbols are added. Or a very uncommon string. `x` is rather common, isn't it? — Wiktor Stribiżew, Sep 05 '17 at 10:47
_“i obliviously need to hide these from spam bots”_ - nonsense. Spammers _will_ get the address sooner or later - from the contact list of someone else they hacked, by simply guessing, ... These days, on should invest in a proper spam filter, not in nonsense measures like this (which makes the whole thing inaccessible if f.e. a user with JS disabled needed to get it.) — CBroe, Sep 05 '17 at 11:09
yes CBroe. no method is totally bullet proof. all we are trying to do is to reduce the number of attacks- spam filters will indeed be deployed. but its still worth having a front end filter — theSeeker, Sep 05 '17 at 11:19

Charles Salmon · Accepted Answer · 2017-09-05T11:20:43.167

The replace method expects two parameters - first the regex you're matching against, and second the value you want to replace matches with. It is also expected that your regex pattern will have flags to explain the behaviour of matches. For instance, g will match over the string it is operating on, globally, and i will match in a case-insensitive manner.

The regex you're after here would probably be more along the lines of:

^(mailto\:)x{3}(.*)x{3}$

That is, you're aiming to capture mailto:, which is expected at the beginning of the string, then to discard 3 x or X chars, followed by capturing the email address, but not the 3 x or X chars that are expected at the end of the string.

This would fit into the replace method in the following manner:

.replace(/^(mailto\:)x{3}(.*)x{3}$/i, '$1$2')

That said, would it not be fair to say that an email address could be inclined to include x or X characters consecutively? If so, you should either replace each occurrence of x{3} and the corresponding matches that you're prepending/appending to the email address with something less likely to be contained in an email address, or devise an alternative approach to the problem.

hi Charles. i tried it but it does not work. here is my code: link — theSeeker, Sep 05 '17 at 11:13
My apologies, I intended to use quotes to surround the second argument of `replace`. I have edited the solution accordingly. — Charles Salmon, Sep 05 '17 at 11:22

score 0 · Answer 2 · answered Sep 05 '17 at 10:50

0

You could try something along the lines of

<a href="mailto:^$^contact@domain.com^$^" onmouseover="this.href=this.href.replace(/[\^][\$][\^]/g,'');">link</a>

It would basically replace the occurences of ^$^ instead of something common as X or XXX

answered Sep 05 '17 at 10:50

Manav

1,357
10
17

score 0 · Answer 3 · answered Sep 05 '17 at 11:27

I would avoid adding more or less common characters in your mail address for obfuscation purposes. Rather try some kind of very basic encryption, such as toggling the bits or taking the string char by char, and increasing the char code by a fixed value.
Example:

var mailto = "mailto:contact@domain.com";
var obfuscated = "";
for (let i = 0; i < mailto.length; i++) {
    obfuscated += String.fromCharCode(mailto.charCodeAt(i) + 7);
}
//obfuscated now looks like this: "thps{vAjvu{hj{Gkvthpu5jvt"
//to reverse the process, do the same thing and subtract 7.
//You could extract the code to a method that you simply call with "onmouseover"

Hope this helps, despite not precisely answering your question :)

using regular expression to hide email address from spam bots

3 Answers3