Roope

Email Obfuscation (EMO)

Recommended Posts

19 hours ago, Roope said:

Hello @Barcelo!

So email addresses are replaced by text set in module config but conversion back to email doesn't kick in, right? Double check that emo.js is really present because it sounds like there's the issue here. Maybe consider adding modules config url to the file path:


<?php echo '<script src=" . $config->urls->modules . EmailObfuscation/emo.min.js"></script>'; ?>

 


I think you meant this ;):

<?php echo '<script src="' . $config->urls->siteModules . 'EmailObfuscation/emo.min.js"></script>'; ?>

This works fine as before - the script gets included just fine.

But, none of the included E-Mails addresses are replaced with any text and elements at all. They are still untouched present in plain text.

So I guess, that the module is "stuck" somehow or not recognized / executed at all during page rendering. Could another module might interfere?

(of course caching is not active :rolleyes:)
(Processwire V 2.7.2)

Share this post


Link to post
Share on other sites
On 9/27/2016 at 11:13 PM, Macrura said:

Feature request: one thing that would be cool is to be able to enable this only for some templates, instead of disable;
because i only need it on the contact page, so i'd need to disable like 30 templates, rather than enable 1, the way it is currently;

Is there any way of conditionally loading this module by the API?

One of the really critical issues here is that the module is still not able to skip stuff like twitter handle (e.g. @processwire)

Thanks @Macrura - I'll try look into these shortly!

On 9/28/2016 at 11:30 AM, Bacelo said:


I think you meant this ;):


<?php echo '<script src="' . $config->urls->siteModules . 'EmailObfuscation/emo.min.js"></script>'; ?>

This works fine as before - the script gets included just fine.

But, none of the included E-Mails addresses are replaced with any text and elements at all. They are still untouched present in plain text.

So I guess, that the module is "stuck" somehow or not recognized / executed at all during page rendering. Could another module might interfere?

(of course caching is not active :rolleyes:)
(Processwire V 2.7.2)

Sorry, I meant $config->urls->siteModules... And is should read your other post mo carefully since you already mentioned that script block is not included in the end of the document so it's not about js script surely. Don't know what other module could be blocking this but what other 3rd party modules you have installed?

Share this post


Link to post
Share on other sites

Thank you Roope  for supporting. :)

Actually I have the following site modules installed at the project:

AllInOneMinify
DiagnoseDatabase
DiagnoseFiles
DiagnoseImagehandling
DiagnoseModules
DiagnosePhp
DiagnoseWebserver
EmailObfuscation
FormBuilder
ImageExtra
InputfieldFormBuilderFile
JqueryDataTables
MarkupMenuBuilder
MarkupSEO
ProCache (not active)
ProcessDatabaseBackups
ProcessDiagnostics
ProcessFormBuilder
ProcessMenuBuilder
ProcessPageListerPro
ProcessProCache
ProcessWireUpgrade
ProcessWireUpgradeCheck
TemplateEngineFactory
TemplateEngineProcesswire

Share this post


Link to post
Share on other sites

Not that I'm familiar with all of thease but first that pops out from the list is TemplateEngineFactory. I haven't used it and have no idea about the logic behind the scenes but if you could temporarily uninstall it and see what happens.

Share this post


Link to post
Share on other sites

slightly off-topic, but just wanted to mention that i was able to solve my problem (loading emo on all pages, and it thinking that the twitter handle in the header was an email address) by just using a hanna code for the email addresses (like [[emo email=mail@example.com]]);

I have a function in my templates that does the email address replacement.

Not trying to discount the utility of this module as it can provide global coverage for email addresses, but possibly for some users who only need to replace a few emails in some specific places, then the shortcode can be useful. Also, if you had a specific field holding the email address, then you could obfuscate it with the same function directly in the template output...

Share this post


Link to post
Share on other sites
9 hours ago, Macrura said:

i was able to solve my problem (loading emo on all pages, and it thinking that the twitter handle in the header was an email address)

I don't experience this problem with this module - for me only email addresses are obfuscated, not twitter handles.

name@testing.com <- this would be obfuscated

@testing <- this is untouched

 

Share this post


Link to post
Share on other sites

ok right, well the main problem i was having was more that i didn't want EMO active on every page of the site, so i loaded the JS myself only on the page i needed it, where there were email addresses.

But it was still finding something it thought was an email on the homepage, and then adding the script tag and thus JS error on the page, plus the overhead of the plugin running on that page.

the obfuscation function i'm using works on each email you trigger it on, so only where you want..

 

 

Share this post


Link to post
Share on other sites

OK, thanks guys!

Like @Robin S posted, we either have never experienced any problems with twitter (or any other some) handles. Can you @Macrura plese give me more detalied example about false positives you faced with?

I was thinking that maybe I could add new 'execution method' to the module config where one could select whether to exclude/include email auto obfuscation at selected templates/pages or go full manual by using public method ever when needed. This would definitely be more flexible than the current route we have in use.

  • Like 1

Share this post


Link to post
Share on other sites

I figured out what it was, it was an embedded Constant Contact sign up form that had the words:

Please enter your email address in name@email.com format

this is actually inside a <script> tag.

In any case your suggestion about the execution method would be really great, because when you know you only need the script to operate on 1 page, and leave the rest of the site untouched, it's really the safest way on a large project where you don't want things to break...

  • Like 1

Share this post


Link to post
Share on other sites
On 30.9.2016 at 10:55 AM, Roope said:

Not that I'm familiar with all of thease but first that pops out from the list is TemplateEngineFactory. I haven't used it and have no idea about the logic behind the scenes but if you could temporarily uninstall it and see what happens.

Actually I can't unistall the module "TemplateEngineFactory" as the template relies on this :(
I'll continue having a deeper look into and try to cut it down.

Share this post


Link to post
Share on other sites

New version is now available at GitHub. Added new option to exclude/include module execution at selected templates/pages + new $sanitizer->emo() method to manually control obfuscation for given string. Please go ahead and try it out!

  • Like 1

Share this post


Link to post
Share on other sites
4 hours ago, PWaddict said:

How can I re-initiate it via AJAX?

Currently this is not possible.

Share this post


Link to post
Share on other sites

The module is set to "autoload' => true, is this surely needed? In my quick test 'autoload' => 'template!=admin' works too.

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, tpr said:

The module is set to "autoload' => true, is this surely needed? In my quick test 'autoload' => 'template!=admin' works too.

This module was launched before 2.3.1, which introduced conditional autoloading. Aforementioned change seems reasonable, but means dropping support for 2.2.

... although dropping support for 2.2 at this point doesn't seem like such a huge issue ;)

  • Like 3

Share this post


Link to post
Share on other sites
On 1/13/2017 at 9:34 AM, tpr said:

The module is set to "autoload' => true, is this surely needed? In my quick test 'autoload' => 'template!=admin' works too.

 

On 1/13/2017 at 11:27 AM, teppo said:

This module was launched before 2.3.1, which introduced conditional autoloading. Aforementioned change seems reasonable, but means dropping support for 2.2.

... although dropping support for 2.2 at this point doesn't seem like such a huge issue ;)

 

To be honest, I've missed the whole world of conditional autoloading of PW modules...

Dropping off support for 2.2 isn't any issue. There will be older perfecly functional emo releases available if someone needs it. So I think I'll go ahead and make this change same time I'll add PW namespace to the module - which should happen pretty soon. Thanks for the notice!

 

  • Like 2

Share this post


Link to post
Share on other sites

Thanks!

1 minute ago, Roope said:

To be honest, I've missed the whole world of conditional autoloading of PW modules...

So did I until recently :)

Share this post


Link to post
Share on other sites

Hi @Roope

Looks like module doesn't work when template cache is on. 

It loads 

 var emo_addr = new Array();
 emo_addr[0] = "fA1PLjJh83r7WD9s+apZEH5RTFM0uYwS2Ge6bxVOktKvIndQC4qBUycoim.NlXgz";
 emo_addr[1] = "sJL2Tc4GuoWX8VHn0yXx05jt0182Mh3xF6Ue05jt0haQ9VxdFVXfFRxxTO3QYoWdTcXn7OHG86mt0VFQ+JHmF53q0oYB7VDQ0pmyTZCQTZif";
 if(window.addLoadEvent) addLoadEvent(emo_replace());

just for first time after cache timeout, but cache is saved without it.

Can somebody confirm it? 

And one small feature request: could you change "Replate text string" input from text to text Multilanguage field.

Share this post


Link to post
Share on other sites
On 1.10.2016 at 0:40 AM, Macrura said:

the obfuscation function i'm using works on each email you trigger it on, so only where you want..

Hi @Macrura,

would you mind to reveal more details of your obfuscation function? I would highly appreciate it.

Share this post


Link to post
Share on other sites

I'm using this function in places, seems to work well:

/**
 * Given an email address render the obfuscated version
 *
 * @param $strEmail - an email address
 *
 */
function createMailto($strEmail) {
  $strNewAddress = '';
  for($intCounter = 0; $intCounter < strlen($strEmail); $intCounter++){
    $strNewAddress .= "&#" . ord(substr($strEmail,$intCounter,1)) . ";";
  }
  $arrEmail = explode("&#64;", $strNewAddress);
  $strTag = "<script type='text/javascript'>\n";
  $strTag .= "<!--\n";
  $strTag .= "document.write('<a href=\"mai');\n";
  $strTag .= "document.write('lto');\n";
  $strTag .= "document.write(':" . $arrEmail[0] . "');\n";
  $strTag .= "document.write('@');\n";
  $strTag .= "document.write('" . $arrEmail[1] . "\">');\n";
  $strTag .= "document.write('" . $arrEmail[0] . "');\n";
  $strTag .= "document.write('@');\n";
  $strTag .= "document.write('" . $arrEmail[1] . "<\/a>');\n";
  $strTag .= "// -->\n";
  $strTag .= "</script><noscript>" . $arrEmail[0] . " at \n";
  $strTag .= str_replace("&#46;"," dot ",$arrEmail[1]) . "</noscript>";
  return $strTag;
}

also works well in a hanna code, and doesn't require any additional js files

  • Like 2

Share this post


Link to post
Share on other sites
11 hours ago, ottogal said:

Hi @Macrura,

would you mind to reveal more details of your obfuscation function? I would highly appreciate it.

You can do this with EMO too:

  1. At module settings page set "Obfuscation mode" to "Obfuscate manually..." (OR adjust exclude/include templates/pages settings to have auto obfuscation enabled only where needed).
  2. Then on a page template obfuscate only the parts of markup you want by using $sanitizer->emo() method.
// obfuscate single email address
echo $sanitizer->emo('hello@world.com');

// obfuscate email addresses from a body field output
echo $sanitizer->emo($page->body);

Also make sure that you are using the 1.1.x version since this feature was added to the latest release (1.1.0).

  • Like 1

Share this post


Link to post
Share on other sites
On 3/23/2017 at 7:15 PM, Zeka said:

Hi @Roope

Looks like module doesn't work when template cache is on. 

It loads 


 var emo_addr = new Array();
 emo_addr[0] = "fA1PLjJh83r7WD9s+apZEH5RTFM0uYwS2Ge6bxVOktKvIndQC4qBUycoim.NlXgz";
 emo_addr[1] = "sJL2Tc4GuoWX8VHn0yXx05jt0182Mh3xF6Ue05jt0haQ9VxdFVXfFRxxTO3QYoWdTcXn7OHG86mt0VFQ+JHmF53q0oYB7VDQ0pmyTZCQTZif";
 if(window.addLoadEvent) addLoadEvent(emo_replace());

just for first time after cache timeout, but cache is saved without it.

Can somebody confirm it? 

And one small feature request: could you change "Replate text string" input from text to text Multilanguage field.

Hello @Zeka!

Sorry for massive delay but I just quickly tested EMO with built-in cache and was able to repeat yor issue. Cache file had emails as plain text and both EMO scripts were missing. On a public page it was still allright (emails obfuscated) so I don't know why it wasn't really using cached version? Switch to ProCache worked as excepted - cached page, which was obfuscated.

I'm really lost with PW built-in cache since I'm so used to work with Ryans ProCache module and it has never had any issues running together with EMO. So for now my best bet for you is to get that :) - in a meantime we'll see if there is something we can about this.

Multilanguage support is already in my TODO list, if I just could find the time... Thanks for the notice!

  • Like 1

Share this post


Link to post
Share on other sites

Hi @Roope,

Love this module - it's used in all my sites. Is it possible to disable the module on some pages via a hook? I need to disable the obfuscation when a particular GET variable is present.

Share this post


Link to post
Share on other sites
9 hours ago, Robin S said:

Hi @Roope,

Love this module - it's used in all my sites. Is it possible to disable the module on some pages via a hook? I need to disable the obfuscation when a particular GET variable is present.

Hello!

Yes, I think something like this on your page template should work.

$page->addHookBefore('render', function($event) {
  if(wire('input')->get->myvar) {
    $emo = wire('modules')->get('EmailObfuscation');
    $emo->mode = $emo::modeManual;
  }
});

 

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Macrura
      This is a new module, hope to release soon, which allows extended field descriptions, in currently 2 ways.
      The main feature of the module is that you can have a short description and then a 'more...' link which drops down a longer block of text.
      This is achieved by separating the intro/visible text and the rest with 5 dashes.

      Example setup:

      the 2nd way is if you are using AdminThemeUiKit, you can show extended field instructions in a panel. The content of the panel is edited on a regular PW page. This use case would probably not be that common, but if you had a field that required some extended instructions for how to use, this could be useful; Also, since this allows you to target information and instructions down at the field level, it could reduce the amount of documentation needed on a global level, since it is a lot more context targeted.

    • By netcarver
      Part 1 of a 2 part Module & Service Reveal.
      I'm currently working on a new module: ModuleReleaseNotes that was inspired by the work I originally did on making Ryan's ProcessWireUpgrades module "release" aware. In the end, I decided to ditch the approach I was originally taking and instead work on a module that hooked in to the UpgradeConfirmation dialog and the module edit page.
      Aims
      My aims for this module are as follows...
      Make discovery of a module's changes prior to an upgrade a trivial task. Make breaking changes very obvious. Make reading of a module's support documentation post-install a trivial task. Make module authors start to think about how they can improve the change discovery process for their modules. Make sure the display of information from the module support files/commit messages doesn't introduce a vulnerability. Looking at these in turn...
      Making discovery of a module's changes prior to upgrade a trivial task.
      This is done by adding a "What's changed section" to the upgrade confirmation dialog.  This section takes a best-effort approach to showing what's changed between the installed version and the updated version that's available via the module repository.
      At present, it is only able to talk to github-hosted repositories in order to ask them for the release notes, the changelog file (if present) and a list of commits between the git tag that matches the installed version and the tag matching the latest version.
      It will display the Release Notes (if the author is using the feature), else it will display the commits between the tags (if tagging is used by the module author) else it will show the changelog file (if present) else it will show the latest N commits on the master branch (N, of course, being configurable to your liking.)
      An example of the Github Release Notes pulled in for you, taken from Mike Rockett's TextformatterTypographer Module...

      An example of a tag-to-tag commit list from the same module...

      An example of a changelog - formatted to show just the changes (formatting styles will change)...

      Finally, an example of a fallback list of commits - sorry Adrian ...

       
      Making breaking changes obvious.
      This is currently done by searching for a set of configurable search strings. Later versions may be able to support breaking change detection via use of Semantic Versioning - but this may require some way of signalling the use of this versioning standard on a module-by-module basis.
      For now, then, you can customise the default set of change markers. Here I have added my own alias to the list of breaking change markers and the changes section of the changelog is styled accordingly (these will be improved)...

       
      Make reading of a module's support documentation, post-install, a trivial task.
      This is done by making some of the support files (like the README, CHANGELOG and LICENSE files) readable from the module's information/settings screen. There is an option to control the initial open/closed state of this section...

      Here is Tracy's README file from within the module settings page... 

       
      Make module authors start to think about how they can improve the change discovery process for their modules.
      There are notes in each of the sections displayed on the upgrade confirmation page that help authors use each of the features...

       
      Make sure display of external information doesn't introduce a vulnerability.
      This is an ongoing concern, and is the thing that is most likely to delay or prevent this module's release. Currently, output is formatted either via Markdown + HTML Purifier (if it was originally a Markdown file) or via htmlspecialchars() if it has come from a plaintext file.
       
      Ongoing...
      For now, I've concentrated on integration with GitHub, as most people use that platform to host their code. I know a few people are hosting their repositories with BitBucket (PWFoo comes to mind) and some with GitLab (Mike Rockett?) and I would eventually like to have adaptor implementations for these providers (and perhaps GitKraken) - but for now, GitHub rules and the other hosts are unsupported.
      I hope to have this ready for general release within the next week.
    • By blynx
      Hej,
      A module which helps including Photoswipe and brings some modules for rendering gallery markup. Feedback highly appreciated

      Modules directory: http://modules.processwire.com/modules/markup-processwire-photoswipe
      .zip download: https://github.com/blynx/MarkupProcesswirePhotoswipe/archive/master.zip
      You can add a photoswipe enabled thumbnail gallery / lightbox to your site like this. Just pass an image field to the renderGallery method:
      <?php $pwpswp = $modules->get('Pwpswp'); echo $pwpswp->renderGallery($page->nicePictures); Options are provided like so:
      <?php $galleryOptions = [ 'imageResizerOptions' => [ 'size' => '500x500' 'quality' => 70, 'upscaling' => false, 'cropping' => false ], 'loresResizerOptions' => [ 'size' => '500x500' 'quality' => 20, 'upscaling' => false, 'cropping' => false ], 'pswpOptions' => (object) [ 'shareEl' => false, 'indexIndicatorSep' => ' von ', 'closeOnScroll' => false ] ]; echo $pswp->renderGallery($page->images, $galleryOptions); More info about all that is in the readme: https://github.com/blynx/MarkupProcesswirePhotoswipe
      What do you think? Any ideas, bugs, critique, requests?
      cheers
      Steffen
    • By mtwebit
      Tasker is a module to handle and execute long-running jobs in Processwire. It provides a simple API  to create tasks (stored as PW pages), to set and query their state (Active, Waiting, Suspended etc.), and to execute them via Cron, LazyCron or HTTP calls.
      Creating a task
      $task = wire('modules')->Tasker->createTask($class, $method, $page, 'Task title', $arguments); where $class and $method specify the function that performs the job, $page is the task's parent page and $arguments provide optional configuration for the task.
      Executing a task
      You need to activate a task first
      wire('modules')->Tasker->activateTask($task); then Tasker will automatically execute it using one of its schedulers: Unix cron, LazyCron or TaskerAdmin's REST API + JS client.
      Getting the job done
      Your method that performs the task looks like
      public function longTask($page, &$taskData, $params) { ... } where $taskData is a persistent storage and $params are run-time options for the task.
      Monitoring progress, management
      The TaskerAdmin module provides a Javascript-based front-end to list tasks, to change their state and to monitor their progress (using a JQuery progressbar and a debug log area). It also allows the on-line execution of tasks using periodic HTTP calls performed by Javascript.

       
      Monitoring task progress (and log messages if debug mode is active)

       
      Task data and log

      Detailed info (setup, task dependencies, time limits, REST API etc.) and examples can be found on GitHub.
      This is my first public PW module. I'm sure it needs improvement
       
    • By netcarver
      A very simple textformatter that was inspired by Diogo's RemoveHeight textformatter.
      This one strips the height from any images and either adds a custom class or adds a max-width:100% as an embedded style.
      Github: https://github.com/netcarver/TextformatterFluidImages
      PW Repo: To Be Confirmed.