Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By ponkarthik on
Hi
I was searching through the forums to find a way to hide the email address from being displayed from posts. But it should create a link to a kind of contact form which will send the mail to the hidden email id.
I found a very interesting discussion here
But there doesnt seem to be a solution yet. Has anyone found a method to filter out email ids from being displayed ?
Any help is appreciated.
Thanks
Karthik
Comments
brainstorming
In Drupal 4.6, use the feedback module for general site contact. Drupal 4.7 will have a general contact module in core. Otherwise, if you wanted to contact an individual, the user pages have a contact tab on drupal.org. Yours is http://drupal.org/user/39556/contact, but you have to be signed in to use it. I don't remember if there's a way to not require a login to use the personal contact form.
I'm guessing what you're talking about is using a filter to convert mailto links in nodes to a contact form link. That might be something that could be added to a contrib module like urlfilter. The two issues I see are figuring out what text to replace it with so people still know it's a contact method, and how to track which link it was in the node. Right now urlfilter just does a blanket preg_replace, so you'd have to replace the email with a md5 hash or something, then have the contact form be able to link the hash back to the original email.
In the interm, it might be possible to do a replacement (albeit resource expensive) to find the username that goes with an email address in a node's content and replace it with a link to their existing personal contact form (like http://drupal.org/user/39556/contact). If they don't have a username to link it to, maybe then do the md5 hash tracking.
email spam proctection.
Yes I am talking about transparently converting the email address in nodes to some clickable link that will take the users to a contact form.
Is there any solution implemented anywhere ?
I think such feature is available in discussion forums like in yahoo.
Regards
Karthik
invisimail
I forgot about the invisimail module before: http://drupal.org/node/30885
It's supposed to convert text to the ascii code equivalents or embed mailto: email in a javascript function. The text output isn't affected. I'm quite skeptical about the real effectiveness of such minor obfuscation, though.
I haven't evaluated
I haven't evaluated Invisimail yet, but regarding JavaScript obfuscation: It can be effective, if it's not transparent (e.g., if there are no "@" symbols or their entity/hex equivalents in the text stream).
I'm convinced that straight-up entity and hex replacement are no longer effective.
The most effective technique I know of is the Hivelogic (formerly Automatic Labs) Enkoder, which I'm sad to say is currently unavailable as a web or Mac app, but is now available as a Ruby On Rails plugin. It uses [used] a JS encryption technique that was really bulletproof, as far as I've ever been able to tell.
I developed a JS-based technique that uses form-submits to obfuscate addresses, but I've never rolled it up into a distributable form. The short version of how it works is that you write a brief form containing the critical parts of the email URI as hidden fields (be sure to give the form a style class that's got display:inline, and you can generally style the submit element so that it looks like linked text), and calls a JS function onSubmit to assemble the parts into an address (and optional arguments), then into a mailto URI, and then go to that URI. For best security, you'd map abbreviations or codes to the actual domain names or TLDs (e.g. the form value would be "ex" for domain "example.com"). I use that technique when I have to generate a lot of email links programmatically. I've also used a less obscure version of the technique with just GET querystrings instead of full-blown forms.
When/if Enkoder ever stops being effective, I'll create the form links and enkode them.
None of that is real useful for Drupal, unless someone bakes them into a Drupal module.
nice thought
I would also love to see such a feature.
Is it somehow possible to "disable" or to remove posted URL's and email adresses within user created content?
Sounds good
This sounds like a good idea. I'd be interested in something that could filter out email addresses from a user's post/comment/content.
For example, if I'm running a community where users have to pay a subscription to allow them to communicate with each other, I wouldn't want them to be able to enter their email addresses into posts.