Email address contains javascript tags

Question

nigelburrell 0 Light Poster

15 Years Ago

Hi,

I'm not entirely sure which forum to post this question because I cannot determine whether it's a MySQL, Joomla, or PHP issue. But I will post it here, as some of you may know about this.

I am using a custom built "user" table in my MySQL database, and the email addresses are being stored in plain text as VARCHAR(60). However, when I retrieve an email address from a record, and then display it on my webpage, it appears as an "email link" and not as plain text.

This is the code I'm using to retrieve the email address from the MySQL database.

------------------------------------------------------

$check = mysql_query("SELECT * FROM users WHERE ID = '$userID'");
if ($info = mysql_fetch_array( $check ))
{ 
   // Get db fields
   $email = $info['email'];
}

echo $email;

------------------------------------------------------

The PHP code works fine, but the email address variable now contains the following javascript information only after it's been retrieved from the database...

<script language='JavaScript' type='text/javascript'> <!-- var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy22091 = 'mykiwifriend234' + '@'; addy22091 = addy22091 + 'hotmail' + '.' + 'com'; document.write( '<a ' + path + '\'' + prefix + ':' + addy22091 + '\'>' ); document.write( addy22091 ); document.write( '<\/a>' ); //-->\n </script> <script language='JavaScript' type='text/javascript'> <!-- document.write( '<span style=\'display: none;\'>' ); //--> </script>This e-mail address is being protected from spambots. You need JavaScript enabled to view it <script language='JavaScript' type='text/javascript'> <!-- document.write( '</' ); document.write( 'span>' ); //--> </script>

So, my question is... all I need is the "plain text" email address (as I need this to populate an editable text box on my webpage), but where is this additional javascript information coming from? ...and how can I strip this javascript data so I can obtain just the email address itself?

Thanks

java javascript mysql

3 Contributors
8 Replies
163 Views
2 Days Discussion Span
Latest Post 15 Years Ago Latest Post by nigelburrell

pritaeas 2,194 ¯\_(ツ)_/¯

15 Years Ago

Since you mention Joomla, it is possible that this is Joomla's way of storing e-mail addresses. You could use a regular expression to strip all unnecessary code, but there could be a lot of exceptions. Maybe Joomla has a function to retrieve it built-in.

almostbob 866 Retired: passive income ROCKS

15 Years Ago

This is Joomla's spam protection
Joomla has a plugin that obfuscates email addresses, to make it harder for scrapers and bots.
The visible address and effective address are not changed, just what robots can see.
you can probably disable the plugin somewhere in Joomla configuration.
There is likely a 'howto' on setting up the editbox without disabling spam protection, somewhere on the web. Joomla is a popular cms

Sometimes the help, is worse than the problem

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

nigelburrell 0 Light Poster · Answer 1 · 2009-07-02T20:19:42+00:00

Since you mention Joomla, it is possible that this is Joomla's way of storing e-mail addresses. You could use a regular expression to strip all unnecessary code, but there could be a lot of exceptions. Maybe Joomla has a function to retrieve it built-in.

Thanks your response. I found where in Joomla this is occuring. The email addresses are stored as plain text in the database, but Joomla uses a plug-in called Email Cloacking which obfuscates email addresses prior to showing them on the webpage. I simply disabled this plug-in and now all email addresses appear as plain text.

nigelburrell 0 Light Poster · Answer 2 · 2009-07-02T20:29:22+00:00

This is Joomla's spam protection
Joomla has a plugin that obfuscates email addresses, to make it harder for scrapers and bots.
The visible address and effective address are not changed, just what robots can see.
you can probably disable the plugin somewhere in Joomla configuration.
There is likely a 'howto' on setting up the editbox without disabling spam protection, somewhere on the web. Joomla is a popular cms
Sometimes the help, is worse than the problem

Exactly. I discovered that Joomla has a plug-in called Email Cloacking which obfuscates email addresses prior to showing them on the webpage. I simply disabled this plug-in and now all email addresses appear as plain text.

Can I ask your opinion though... even though I'm disabling an important spam protection function, I'm assuming it doesn't matter given that email addresses are only appearing in text boxes in user-login access webpages (not publicly-accessable pages). Does that matter? Obviously, if the email addresses were published on public access pages, then yes... it's a risk, but what if they were only shown in text boxes on registered pages requiring user-login access? Surely scrapers and bots can't access such pages given that they are protected behind user logins - they would need to simulate a user login to access such information, right? Or is it best to keep the obfuscation protection enabled, and find another method to populate the text boxes with the plain text version?

Actually, I hope you don't mind but I'm going to start a new post with this subject as I'd like to gauge other user's ideas and thoughts on this. But please feel free to comment to this post if you wish. Thanks again for your post.

almostbob 866 Retired: passive income ROCKS · Answer 3 · 2009-07-02T22:17:18+00:00

that address is sent in clear text through however many relays, proxies, exist in the traceroute between your host and the user,
any one of them could be compromised
with an appropriate packet sniffer no plain text is safe
how likely do you enticipate interception
you could use something like
break the address at the @ sign, send two parts to
2 text boxes
1 for user name
1 for domain
and not sent the @ sign at all, and reconstruct the address in php/asp before submitting to the database,

nigelburrell 0 Light Poster · Answer 4 · 2009-07-03T02:26:46+00:00

that address is sent in clear text through however many relays, proxies, exist in the traceroute between your host and the user,
any one of them could be compromised
with an appropriate packet sniffer no plain text is safe
how likely do you enticipate interception
you could use something like
break the address at the @ sign, send two parts to
2 text boxes
1 for user name
1 for domain
and not sent the @ sign at all, and reconstruct the address in php/asp before submitting to the database,

Interesting solution, I might think about doing that. Thanks for the idea.

almostbob 866 Retired: passive income ROCKS · Answer 5 · 2009-07-03T03:58:04+00:00

Interesting solution, I might think about doing that. Thanks for the idea.

I was thinking that spambots search for email addresses that always contain a '@' SO something that doesnt include a @ will get past <input type='text' id='mailaccount'>@<input type='text' id='maildomain'>

$mail = $_post['mailaccount'].'@'.$_post['maildomain'];

I put a link to this page in all my home pages
http ://w ww.auditmypc.com/freescan/antispam.html
(link broken not sure if I would be violating DaniWeb policy),
it generates 50 fake email addresses every load to poison spambots

nigelburrell 0 Light Poster · Answer 6 · 2009-07-03T09:12:00+00:00

What a great idea to put two textboxes alongside each other with the "@" character in the middle. I will code this and see how it works.

Actually, I had to smile when I read your comment about the auditmypc website generating fake email addresses to poison spambots... what a great idea to fight back against spam!!