Context Navigation

Modify ↓

Ticket #4799 (closed enhancement: duplicate)

E-mail Masking

Reported by:	anonymous	Owned by:	jonas
Priority:	normal	Milestone:
Component:	general	Version:	0.10.3
Severity:	critical	Keywords:
Cc:
Release Notes:
API Changes:

Description

All e-mail addresses rendered by Trac must be masked. They cannot be simply placed in the page as is, as it's done today. In the current version it is just too easy for spam bots to catch all addresses in a Trac site.

On Tickets, the "Reported by" and "Cc" labels must be masked. The Wiki instead could provide a core Macro for that job. Probably there are even other points where addresses are rendered.

An efficient masking system is to simply replace the address with a JavaScript code to write it in the page. Something like this:

<script type="text/javascript">
var d = 'domain.com' ;
var n = 'user.name' ;
document.write( '<a href="mailto:' + n + '@' + d + '">' + n + '@' + d + '</a>' ) ;
</script>

If the above is retained to not be the best way, any solution to not render the address directly is ok.

Maybe a note near e-mail related input fields saying "Your e-mail will be masked for protection against spam (what's this? (link))" is also a good idea, so users will be ok to included their addresses.

Please don't underestimate this problem. This is a critical issue that certainly needs a lot of attention.

Attachments

Change History

comment:1 Changed 5 years ago by eblot

Resolution set to duplicate
Status changed from new to closed

Duplicate of #153

comment:2 Changed 5 years ago by cboos

Yes, the feature is mostly implemented (for 0.11), but what will help a lot is careful testing, in order to see if we didn't miss some obfuscation here and there.

So it would be really appreciated if someone could summarize in #153 the things that
are left to be done before we close that ticket.

eblot, you beat me once again at the closing duplicate ticket game, damn! ;-)

View ↑

Add a comment

You may use WikiFormatting here.

Modify Ticket

Change Properties

Summary:
Description:	You may use WikiFormatting here. All e-mail addresses rendered by Trac must be masked. They cannot be simply placed in the page as is, as it's done today. In the current version it is just too easy for spam bots to catch all addresses in a Trac site. On Tickets, the "Reported by" and "Cc" labels must be masked. The Wiki instead could provide a core Macro for that job. Probably there are even other points where addresses are rendered. An efficient masking system is to simply replace the address with a JavaScript code to write it in the page. Something like this: {{{ <script type="text/javascript"> var d = 'domain.com' ; var n = 'user.name' ; document.write( '<a href="mailto:' + n + '@' + d + '">' + n + '@' + d + '</a>' ) ; </script> }}} If the above is retained to not be the best way, any solution to not render the address directly is ok. Maybe a note near e-mail related input fields saying "Your e-mail will be masked for protection against spam (what's this? ''(link)'')" is also a good idea, so users will be ok to included their addresses. Please don't underestimate this problem. This is a critical issue that certainly needs a lot of attention.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Add/Remove from Cc:	<Author field>
Release Notes:
API Changes:

Action

leave as closed

reopen The resolution will be deleted. Next status will be 'reopened'

change ownership to The owner will be changed from jonas. Next status will be 'closed'

Author

Your email or username:

E-mail address and user name can be saved in the Preferences.

Attachments ↑

Note: See TracTickets for help on using tickets.

Download in other formats: