#4799 closed enhancement (duplicate)
E-mail Masking
| Reported by: | anonymous | Owned by: | Jonas Borgström |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | general | Version: | 0.10.3 |
| Severity: | critical | Keywords: | |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
All e-mail addresses rendered by Trac must be masked. They cannot be simply placed in the page as is, as it's done today. In the current version it is just too easy for spam bots to catch all addresses in a Trac site.
On Tickets, the "Reported by" and "Cc" labels must be masked. The Wiki instead could provide a core Macro for that job. Probably there are even other points where addresses are rendered.
An efficient masking system is to simply replace the address with a JavaScript code to write it in the page. Something like this:
<script type="text/javascript"> var d = 'domain.com' ; var n = 'user.name' ; document.write( '<a href="mailto:' + n + '@' + d + '">' + n + '@' + d + '</a>' ) ; </script>
If the above is retained to not be the best way, any solution to not render the address directly is ok.
Maybe a note near e-mail related input fields saying "Your e-mail will be masked for protection against spam (what's this? (link))" is also a good idea, so users will be ok to included their addresses.
Please don't underestimate this problem. This is a critical issue that certainly needs a lot of attention.
Attachments (0)
Change History (2)
comment:1 by , 17 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
comment:2 by , 17 years ago
Yes, the feature is mostly implemented (for 0.11), but what will help a lot is careful testing, in order to see if we didn't miss some obfuscation here and there.
So it would be really appreciated if someone could summarize in #153 the things that are left to be done before we close that ticket.
eblot, you beat me once again at the closing duplicate ticket game, damn! ;-)
Duplicate of #153