xml mailto: changed to javascript to prevent spam

xml to JavaScript?

         

dantra

4:11 am on Apr 27, 2007 (gmt 0)

10+ Year Member



I created a document using Acrobat Designer with a submit button. How do I change the XML that the form created? It's a mailto:, and I would like to change that so spammers won't read the e-mail. Here is what the document created:

<submit format="xml" target="mailto:someone@somewhere.com?subject=Submission From Registration Form To &quot;my final destination&quot; (someone)" textEncoding="UTF-8"/>

I would like to create a mailto: in JavaScript so I won't get spammed but don't know how to implement it back into the document.
Here is what I have so far:
Code:

<script language="JavaScript">
<!--
var name = "someone";
var domain = "somewhere.com";
document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
document.write(name + '@' + domain + '</a>');
// -->
</script>

I would also like to know how to change a regular hyperlink to XML so it will show up as a link in the document but in XML language. (Hope I made myself clear.)

cmarshall

10:26 am on Apr 27, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Welcome to WebmasterWorld!

Well, you could use on-browser XSLT to transform anything to anything else (You could change "pollywollydoodleallday" to "day@pol.com"), but I'd think that this is not a particularly effective way to do it. Also, if it becomes common enough a technique, the spammers will simply start executing XSLT scripts in their 'bots.

You should, as a standard best practice, NEVER allow a destination address to be specified in a mail form. It should ALWAYS be resolved on the server. This is because a mail form that allows the destination address to be determined by the sender is a valuable thing to a spammer. It's a variation of an open relay, and they would probably take the time to figure out what you've done.

You could use XSLT to transform links as well in the browser, but make sure that you are willing to pay the price in lost browser support. Sometimes, the fox ain't worth the chase.

I'd suggest using JavaScript, as opposed to on-browser XSLT.

As an aside, someone told me that the World of There is all done in on-browser XSLT, and even requires Windows IE for most of the registered user stuff.

cmarshall

11:55 am on Apr 27, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I gave this a little thought, and you could do something like use XSLT to create a "key" from the email address that is matched to a value on the server.

For example, you can have an XSLT template that looks like so:


<xsl:template match="pol@day.com">
<xsl:element name="input">
<xsl:attribute name="type">hidden</xsl:attribute>
<xsl:attribute name="name">to_lookup</xsl:attribute>
<xsl:attribute name="value">pol</xsl:attribute>
</xsl:element>
</xsl:template>

With "@day.com" added on the server. Won't prevent you getting spam, but it would keep your server from becoming an open relay, which, take my word for it, you do not want to happen. I've had it happen, and it is a VERY BAD THING.

You could get fancier, like use XPath to parse the address and generate an ID straight from that, but I'm not [yet] an XSLT expert.
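The lookup-key idea from the post above, with the address completed on the server, could look like this in server-side JavaScript. This is an added example, not part of the original posts: `RECIPIENTS`, `MAIL_DOMAIN`, `buildMessage` and the `subject`/`reply_to`/`body` field names are assumptions; only `to_lookup`, `pol` and `day.com` come from the thread.

```javascript
'use strict';

// Constructed allow-list: the browser sends only a short key,
// and the real mailbox name and domain exist only on the server.
const MAIL_DOMAIN = 'day.com';
const RECIPIENTS = new Map([
  ['pol', 'pol'],            // to_lookup=pol   -> pol@day.com
  ['sales', 'sales-team'],   // to_lookup=sales -> sales-team@day.com
]);

// Values that end up in mail headers must not contain CR or LF;
// otherwise a submitted field could add header lines of its own.
function hasLineBreak(value) {
  return /[\r\n]/.test(String(value));
}

// Turn a submitted form (plain object of field -> value) into a message.
// Any "to" field sent by the browser is ignored on purpose: the
// destination is decided here, never by the sender.
function buildMessage(form) {
  const key = String(form.to_lookup || '');
  const local = RECIPIENTS.get(key);   // Map: no prototype keys to abuse
  if (local === undefined) {
    return { ok: false, error: 'unknown recipient key' };
  }
  const subject = String(form.subject || '');
  const replyTo = String(form.reply_to || '');
  if (hasLineBreak(subject) || hasLineBreak(replyTo)) {
    return { ok: false, error: 'line break in header field' };
  }
  return {
    ok: true,
    to: `${local}@${MAIL_DOMAIN}`,
    subject,
    replyTo,
    body: String(form.body || ''),
  };
}
```

A request that names an address instead of a known key is rejected rather than mailed, which is what keeps the form from acting as a relay.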

dantra

7:09 pm on Apr 27, 2007 (gmt 0)

10+ Year Member



I researched some of your suggestions, and the advice I liked and that made the most sense was when you said:
“NEVER allow a destination address to be specified in a mail form. It should ALWAYS be resolved on the server.”

I’m limited when it comes to server-side languages; all I know is XHTML and CSS with a sprinkle of JavaScript.
What would you suggest I do, or how do I go about this?
Many Thanks
Dan

cmarshall

7:58 pm on Apr 27, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Well, the problem is that you want to make an email address "mailable", without hanging it out there for all the world to see/spam.

There are three ways to do this:

1) Post a "mailto:" link

Pros: Very easy and low-tech. Doesn't need server-side software.

Cons: Hanging out there for all the world to see.

2) Create a server-side mailing form (can be done with XSLT).

Pros: Most secure and easy to use.

Cons: High geek factor. You need to know at least a server-side language (NOTE: Many ISPs actually make it relatively easy to set up server-side forms with CGI scripts).

3) Create a browser-descrambled "mangler," like a browser-rendered XSLT script, or a JavaScript function to demangle.

Pros: Pretty kewl, doesn't require server-side tech.

Cons: You think a PHP form is high geek factor? Also, a dedicated spammer can eventually crack this (although it may not be worth the effort).

I always take #2, but, again, you DON'T want to have a script where the destination email address is specified from the browser without completion/intervention/filtering from the server.

dantra

11:26 pm on Apr 27, 2007 (gmt 0)

10+ Year Member



First of all, thank you for your help and patience, particularly the explanations.
I do have very limited knowledge working with CGI scripts.
Actually the only thing I ever changed on the script was to suit my mail-form needs, like changing:

$mailprog = '/usr/sbin/sendmail -oi -t';

@referers = qw(yourdomain.com localhost);

@allow_mail_to = qw(user@yourdomain.com localhost);

From: user@yourdomain.com

to suit me, obviously I replaced "yourdomain.com" and "user" with whatever my domain name and email addy is.

OK, I'm starting to think there is some light at the end of this tunnel. Is there a tutorial or a site I can go to that would explain the process to me? :fingers crossed:

2) Create a server-side mailing form (can be done with XSLT).

Pros: Most secure and easy to use.

Cons: High geek factor. You need to know at least a server-side language (NOTE: Many ISPs actually make it relatively easy to set up server-side forms with CGI scripts).

Yes the ISP provider has exactly that so I guess I'm on my way, however, I would appreciate a link or perhaps someone here already tackled this dilemma. I tried searching the forums but it didn't yield any results that would walk me through this.

This is the header of the form up to the title. I tried looking for any suggestions that would explain implementing a CGI script to work with this form but I came up empty.

<?xml version="1.0" encoding="UTF-8"?>
<?xfa generator="AdobeDesigner_V7.0" APIVersion="2.2.4330.0"?>
<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">
<template xmlns="http://www.xfa.org/schema/xfa-template/2.2/">
<subform layout="tb" locale="en_US" name="form1">
<pageSet>
<pageArea id="Page1" name="Page1">
<contentArea h="10.5in" w="8in" x="0.25in" y="0.25in"/>
<medium long="11in" short="8.5in" stock="letter"/>
<?templateDesigner expand 0?></pageArea>
<?templateDesigner expand 0?></pageSet>
<subform h="266.7mm" w="203.2mm">
<area name="Header" x="12.7mm" y="6.3501mm">
<draw h="6.35mm" name="StaticText1" w="38.1mm" x="64.855mm" y="6.3499mm">
<ui>
<textEdit>
<margin/>
</textEdit>
</ui>
<value>
<text>Title of Form</text>

Any links that would explain what I'm looking for would be great. Thanks

cmarshall

1:14 am on Apr 28, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Well, as far as links go, I don't know enough about your setup to be able to give you much in the way of pointers.

However, this is an XML forum, so you probably won't be happy with whatever answer you get here (it will probably involve XSLT).

You actually have two problems here:

The first is converting that XML to usable markup. That can definitely be done with XSLT, but it ain't simple. The process has a steep learning curve.

If you are interested in learning up on XSLT, then you can read some of the threads I've posted as I learned up on it:

[webmasterworld.com...]

[webmasterworld.com...]

[webmasterworld.com...]

[webmasterworld.com...]

[webmasterworld.com...]

[webmasterworld.com...]

[webmasterworld.com...]

[webmasterworld.com...]

[webmasterworld.com...]

[webmasterworld.com...]

[webmasterworld.com...]

[webmasterworld.com...]

Be warned: learning XSLT is not for the faint of heart, but it is a way-kewl technology that can do some pretty wild stuff.

The other issue is a server-based mailing form. That, you need to see if another of the WebmasterWorld forums, such as Webmaster General [webmasterworld.com], Perl Server Side Scripting [webmasterworld.com], PHP Server Side Scripting [webmasterworld.com] or New to Web Development [webmasterworld.com] can help you.