Essays on self-improvement, software development, and esports.
© 2022. All rights reserved.
Keeping email addresses away from harvester bots is an old problem. I decided to apply some new technology to it.
I think the third option is the best. But there’s a catch.
Putting an inline
<script> tag in your HTML is considered a bad practice. There
that allows user-created content, like a comment section. If it’s not properly sanitized, it can attack any user who views the page).
Edited 05-30: I changed the encryption algorithm from what I had originally, because the first version was sometimes producing characters outside the HTML safe range.
Now I have two separate pieces of code, one that will encrypt the email addresses when it renders the HTML, and another that will decrypt them on the client side, after it’s downloaded the encrypted links. This raises a new issue.
On the Ruby side, I have these functions added in
All this does is randomly shift each character by a few positions (eg, “b” becomes “o” or “m”). Again, it’s not very sophisticated. It’s maybe
one step up from rot-13. But it doesn’t have to be cryptographically secure, since all we’re trying to do is confuse some bots.
With this helper, in any template I can write
<%= obfuscated_email_tag 'email@example.com' %> and it will come out looking something like
<a data-controller="obfuscate" data-obfuscate-address-value="BblfbokfG}ke|dpe}f+lzu%dc" href="#">. That doesn’t look anything remotely
like an email address.