Jump to content
Roope

Email Obfuscation (EMO)

Recommended Posts

Thanks @Roope! The hook didn't work within the page template (maybe too late there) but did work in /site/ready.php

Share this post


Link to post
Share on other sites
On 9/28/2016 at 10:30 AM, Bacelo said:

 


<?php echo '<script src="' . $config->urls->siteModules . 'EmailObfuscation/emo.min.js"></script>'; ?>

This works fine as before - the script gets included just fine.

But, none of the included E-Mails addresses are replaced with any text and elements at all. They are still untouched present in plain text.

 

I ran into a similar issue with v1.1.0. using Javascript Loading method: Load file to $config->scripts 

emo.min.js is included on the page before the <!-- emo --> script block which defines var emo_addr. The function emo_replace() never gets called because at the point of script inclusion emo_addr === undefined. In v1.5 of  emo.js window.onload was removed. So the script never executes when emo.min.js is included before the <!-- emo --> script block.

I have refactored emo.js as an object literal and modified the module Code so that the script block calls emo.init(emo_addr) after defining the addresses.

emo.thumb.png.162cbf4268f1b57ca53fb32f3182e542.png

Tested without problems. Modified module can be found at https://github.com/gebeer/EmailObfuscation/tree/dev

@Roope do you want a PR for that?

Share this post


Link to post
Share on other sites

Hello @gebeer!

I made a convert to object literal on your supposal but it had issue when "JavaScript loading method" was set to:manual (where emo.js is loaded after the inline script block). So script init is now again attached to the window onload event and emo.js can be included at any part of page. Thanks for the report!

I also dropped ProcessWire namespace for continued 2.x support, thanks for a remind @Robin S! That was maybe too hesitated and no requirements for it.

Version bumped to 1.1.1 and it's available at GitHub:
https://github.com/BlowbackDesign/EmailObfuscation/releases/tag/1.1.1

Besides bugfixes this version adds support to multilanguage nosript text and template cache.

  • Like 2

Share this post


Link to post
Share on other sites

Looking a bit closer at this, it looks like it's just Chrome on an Android mobile, desktop sees to be OK now. Every other browser I've tried is fine.

Share this post


Link to post
Share on other sites
On 1/12/2017 at 10:23 AM, PWaddict said:

How can I re-initiate it via AJAX?

On 1/12/2017 at 2:41 PM, Roope said:

Currently this is not possible.

Would be really great, if this module could be used via Ajax. 😉

 

Share this post


Link to post
Share on other sites

New EMO version 1.2.0 released!

https://github.com/BlowbackDesign/EmailObfuscation/releases/tag/1.2.0

In this version only encryption key is stored in the emo object of html document and crypted email strings as data attributes to span elements that are used to replace found email addresses. This makes it possible to obfuscate emails generated within AJAX request.

There is also a new option at module config to lock the encryption key so that it does not change on every session like it does by default. This is required if you are caching AJAX output for more than session lifetime. Otherwise this option is good leave disabled.

Here is quick example of a simple AJAX request with obfuscated output:

<?php namespace ProcessWire;

if($config->ajax) {
  $str = "<p><a href='mailto:foo@bar.com'>Click to mail</a></p>";
  // auto obfuscation works only when complete html document is rendered so you
  // need to do manual obfuscation on AJAX calls even when mode is set to auto
  echo $sanitizer->emo($str);
  return $this->halt();
}

?>
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>EMO ajax example</title>
</head>
<body>

  <p>john@doe.com</p>
  <div id="result"></div>
  <p><button onclick="sendExample()">Show me some</button></p>

  <script>
    var sendExample = function() {
      var xhttp = new XMLHttpRequest();
      xhttp.open("POST", "<?= $page->url ?>", true);
      xhttp.setRequestHeader("X-Requested-With", "XMLHttpRequest");
      xhttp.onreadystatechange = function() {
        if(this.readyState == 4 && this.status == 200) {
          document.getElementById("result").innerHTML = xhttp.response;
          // run emo init when there's something new to digest
          emo.init();
        }
      };
      xhttp.send();
    };
  </script>

</body>
</html>

 

  • Like 4

Share this post


Link to post
Share on other sites

Just a warning, this seems to have a conflict with SEO Maestro module?  I can't diagnose much as I'm at work and it's very busy at the moment.  Can anyone else confirm this?

Thanks.

Share this post


Link to post
Share on other sites
On 2/25/2020 at 5:10 AM, grimezy said:

Just a warning, this seems to have a conflict with SEO Maestro module?  I can't diagnose much as I'm at work and it's very busy at the moment.  Can anyone else confirm this?

Thanks.

I can't confirm.

Running PW 3.0.123 + latest versions on both of modules.

What kind of issues are you facing?

Share this post


Link to post
Share on other sites
Posted (edited)

I am having a different issue. With v1.2.0. I get this warning: 
Warning
array_key_exists() expects parameter 2 to be array, null given
File: .../EmailObfuscation/EmailObfuscation.module:352

352 if(!is_array($options) && !array_key_exists('pageStack', $options)) {
          return false;
    }

If $options passes the first test, it is not an array. The second test checks for array_key_exists in a non-array. Hence the warning.

The error is being triggered when $options is null.

As a temp workaround I amended the if statement to read

if(is_array($options) && !array_key_exists('pageStack', $options)) {
	return false;
}

Not sure though if this is correct. Maybe you wanted to return false when $options is not an array, too?

 

Edited by gebeer
typo

Share this post


Link to post
Share on other sites

Hello @gebeer (and @grimezy) and thanks for the info!

I was able to reproduce this and it was purely silly mistake I made when I was rearranging stuff. The is_array check in this condition is there only to prevent such a warning in array_key_exists function.

This is now fixed in 1.2.1 version.

And finally in 1.2.2 version.

While I was there I also added conditional autoload to block admin pages which is proposed by @tpr in this thread already long ago.

Thanks!

  • Like 2

Share this post


Link to post
Share on other sites

Hi,

I had this piece of code in my template file's head section, a fix for older IE browsers:

<!--[if lt IE 9]>
    <script src="<?=$config->urls->templates?>js/html5-3.6-respond-1.4.2.min.js"></script>
    <script src="<?=$config->urls->templates?>js/rem.min.js"></script>
<![endif]-->

EMO 1.2.2 inserted its own code inside the conditional comment which resulted in it not working properly (in browsers other than old IE, of course):

<!--[if lt IE 9]>
<script>
var emo = emo || {};
emo.key = 'PDHeN7ZbGViB1m0ATUpc5rC3tY_8fgEqkl6dw2nMKQSLxWouahI.4vJFyOXzs9Rj';
</script>
	<script src="/site/templates/js/html5-3.6-respond-1.4.2.min.js"></script>
	<script src="/site/templates/js/rem.min.js"></script>
<![endif]-->

I don't know the exact way EMO determines where to place its code, but it should probably make sure its JS does not end up in any conditional comment.

Apart from that, thanks a lot for a very useful module.

Michael

Share this post


Link to post
Share on other sites

the "enable Javascript" message is currently appearing in both Chrome and Safari for Mac in place of email addresses.

EMO is inserting into a conditional comment, as noted by Michael.

Screen Shot 2020-03-30 at 12.41.49 PM.png

Share this post


Link to post
Share on other sites

Hello @CalleRosa40 and @Brian Williamson!

And thanks for the notice!

The logic with EMO insert changed at 1.2.x update and I haven't got time to push the update yet so in a meantime please use the version 1.1.1 instead as it works without any issues. I'll try to find some time to fix the script insert to head ASAP!

https://github.com/BlowbackDesign/EmailObfuscation/releases/tag/1.1.1

  • Like 2

Share this post


Link to post
Share on other sites

Can also confirm that the latest version affects email addresses entered in a FormBuilder field, so the visitor gets an "Invalid content" error but can't see any reason why they should.

Share this post


Link to post
Share on other sites

@Roope, a feature request: it would be great if it was possible to avoid the email replacement within elements that are given a particular HTML class, e.g. "no-emo".

My current issue is that if I show an email address as the value of a text input or textarea then EMO replaces those strings, which create invalid markup. Probably EMO shouldn't touch emails that are the values of form elements, but it would also be handy to be able to disable EMO inside other elements so I thought I'd request that class option.

  • Like 1

Share this post


Link to post
Share on other sites

Hi all!

Issue with script insert to the head section is now fixed in version 1.2.3

https://github.com/BlowbackDesign/EmailObfuscation/releases/tag/1.2.3

@CalleRosa40 and @Brian Williamson please update and report back if you're still facing any problems.

@creativejay and @Robin S - EMO has skipped form tags on obfuscation since day one and I haven't been able to reproduce this error so I'm kind of lost here why are you guys facing this issue with recent 1.2.x update.

For example, none of the addresses in the markup below are not touched:

<form action="/">
  <p>john@doe.com</p>
  <input type="text" name="email" value="john@doe.com">
  <textarea name="message">john@doe.com</textarea>
</form>

Using no-emo class on element to avoid obfuscation is a nice idea but not so easy to implement safely to the current logic based on regular expressions.

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, Roope said:

EMO has skipped form tags on obfuscation since day one and I haven't been able to reproduce this error

To reproduce, put an input element in your template that is not within a form.

<input type="text" value="someone@domain.com">

2020-04-17_102446.jpg.d5adb48e51729b70937f0ee9f024e32a.jpg

It's valid to use inputs, textareas, etc outside of a form element.

  • Like 1

Share this post


Link to post
Share on other sites
On 4/17/2020 at 1:25 AM, Robin S said:

It's valid to use inputs, textareas, etc outside of a form element.

Yes, I'm well aware that it is completely valid to have inputs and such outside of a form element and with email address EMO breaks the markup but I thought this was not the issue in your case since there was already previous post from creativejay about problems with FormBuilder and you also mentioned that EMO shoudn't touch values of form elements but you were literally talking about inputs and such, not the form element itself. Sorry about that.

There are also another technically valid situations where EMO fails e.g. like having an email inside data attribute. Generally it is kind of compicated topic to automatically replace email address by new node in every possible case without breaking things.

Anyway, current state where EMO skips whole content inside form element is not ideal since there are many cases where you can have email addresses inside form where they should get obfuscated but currenly are not. Like the one in my previous form example where email inside p element should be touched but it's not.

That said maybe we should remove the form element completely from ignored elements and concentrate only at form elements (what you suggested actually) like input, option and textarea where most likely touching email addresses will give us headaches.

I'll look into it.

  • Like 2

Share this post


Link to post
Share on other sites

@Roope, I've noticed that the "Enable JavaScript to view protected content" notice appears for significantly longer in >= v1.2.0 than it did in v1.1.1. In the screencasts below I'm refreshing the page and I've used my browser dev tools to slow the network speed down to "Fast 3G" to make the effect more obvious. In both cases the EMO script should already be in the browser's cache.

v1.1.1

v1.gif.45493c322712289f82262cd5c2ad83f2.gif

 

v1.2.3

v2.gif.30006db5fc59a534b11e5c8b01bc2d55.gif

 

Is there some way to speed things up so performance is closer to the older version?

A couple of other little things...

1. Could you look at appending the module version number to the JS file src as a cache-busting querystring? Without that there can be problems if you upgrade/downgrade the module and the visitor has the JS from a different version cached in their browser.

2. I wonder if the module could use a <noscript> tag in some way so that the "Enable JavaScript to view protected content" is only visible to visitors who have JS disabled. If the visitor has JS enabled but EMO has not yet decoded the email address then the notice doesn't need to be seen and this would avoid the FOUC.

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By teppo
      Needed a really simple solution to embed audio files within page content and couldn't find a module for that, so here we go. Textformatter Audio Embed works a bit like Textformatter Video Embed, converting this:
      <p>https://www.domain.tld/path/to/file.mp3</p> Into this:
      <audio controls class="TextformatterAudioEmbed"> <source src="https://www.domain.tld/path/to/file.mp3" type="audio/mpeg"> </audio> The audio element has pretty good browser support, so quite often this should be enough to get things rolling 🙂
      GitHub repository: https://github.com/teppokoivula/TextformatterAudioEmbed Modules directory: https://modules.processwire.com/modules/textformatter-audio-embed/
    • By Richard Jedlička
      Tense    
      Tense (Test ENvironment Setup & Execution) is a command-line tool to easily run tests agains multiple versions of ProcessWire CMF.
      Are you building a module, or a template and you need to make sure it works in all supported ProcessWire versions? Then Tense is exactly what you need. Write the tests in any testing framework, tell Tense which ProcessWire versions you are interested in and it will do the rest for you.

      See example or see usage in a real project.
      How to use?
      1. Install it: 
      composer global require uiii/tense 2. Create tense.yml config:
      tense init 3. Run it:
      tense run  
      For detailed instructions see Github page: https://github.com/uiii/tense
       
      This is made possible thanks to the great wireshell tool by @justb3a, @marcus and others.
       
      What do you think about it? Do you find it useful? Do you have some idea? Did you find some bug? Tell me you opinion. Write it here or in the issue tracker.
    • By Chris Bennett
      Hi all, I am going round and round in circles and would greatly appreciate if anyone can point me in the right direction.
      I am sure I am doing something dumb, or missing something I should know, but don't. Story of my life 😉

      Playing round with a module and my basic problem is I want to upload an image and also use InputfieldMarkup and other Inputfields.
      Going back and forth between trying an api generated page defining Fieldgroup, Template, Fields, Page and the InputfieldWrapper method.

      InputfieldWrapper method works great for all the markup stuff, but I just can't wrap my head around what I need to do to save the image to the database.
      Can generate a Field for it (thanks to the api investigations) but not sure what I need to do to link the Inputfield to that. Tried a lot of stuff from various threads, of varying dates without luck.
      Undoubtedly not helped by me not knowing enough.

      Defining Fieldgroup etc through the api seems nice and clean and works great for the images but I can't wrap my head around how/if I can add/append/hook the InputfieldWrapper/InputfieldMarkup stuff I'd like to include on that template as well. Not even sure if it should be where it is on ___install with the Fieldtype stuff or later on . Not getting Tracy errors, just nothing seems to happen.
      If anyone has any ideas or can point me in the right direction, that would be great because at the moment I am stumbling round in the dark.
       
      public function ___install() { parent::___install(); $page = $this->pages->get('name='.self::PAGE_NAME); if (!$page->id) { // Create fieldgroup, template, fields and page // Create new fieldgroup $fmFieldgroup = new Fieldgroup(); $fmFieldgroup->name = MODULE_NAME.'-fieldgroup'; $fmFieldgroup->add($this->fields->get('title')); // needed title field $fmFieldgroup->save(); // Create new template using the fieldgroup $fmTemplate = new Template(); $fmTemplate->name = MODULE_NAME; $fmTemplate->fieldgroup = $fmFieldgroup; $fmTemplate->noSettings = 1; $fmTemplate->noChildren = 1; $fmTemplate->allowNewPages = 0; $fmTemplate->tabContent = MODULE_NAME; $fmTemplate->noChangeTemplate = 1; $fmTemplate->setIcon(ICON); $fmTemplate->save(); // Favicon source $fmField = new Field(); $fmField->type = $this->modules->get("FieldtypeImage"); $fmField->name = 'fmFavicon'; $fmField->label = 'Favicon'; $fmField->focusMode = 'off'; $fmField->gridMode = 'grid'; $fmField->extensions = 'svg png'; $fmField->columnWidth = 50; $fmField->collapsed = Inputfield::collapsedNever; $fmField->setIcon(ICON); $fmField->addTag(MODULE_NAME); $fmField->save(); $fmFieldgroup->add($fmField); // Favicon Silhouette source $fmField = new Field(); $fmField->type = $this->modules->get("FieldtypeImage"); $fmField->name = 'fmFaviconSilhouette'; $fmField->label = 'SVG Silhouette'; $fmField->notes = 'When creating a silhouette/mask svg version for Safari Pinned Tabs and Windows Tiles, we recommend setting your viewbox for 0 0 16 16, as this is what Apple requires. In many cases, the easiest way to do this in something like illustrator is a sacrificial rectangle with no fill, and no stroke at 16 x 16. This forces the desired viewbox and can then be discarded easily using something as simple as notepad. Easy is good, especially when you get the result you want without a lot of hassle.'; $fmField->focusMode = 'off'; $fmField->extensions = 'svg'; $fmField->columnWidth = 50; $fmField->collapsed = Inputfield::collapsedNever; $fmField->setIcon(ICON); $fmField->addTag(MODULE_NAME); $fmField->save(); $fmFieldgroup->add($fmField); // Create: Open Settings Tab $tabOpener = new Field(); $tabOpener->type = new FieldtypeFieldsetTabOpen(); $tabOpener->name = 'fmTab1'; $tabOpener->label = "Favicon Settings"; $tabOpener->collapsed = Inputfield::collapsedNever; $tabOpener->addTag(MODULE_NAME); $tabOpener->save(); // Create: Close Settings Tab $tabCloser = new Field(); $tabCloser->type = new FieldtypeFieldsetClose; $tabCloser->name = 'fmTab1' . FieldtypeFieldsetTabOpen::fieldsetCloseIdentifier; $tabCloser->label = "Close open tab"; $tabCloser->addTag(MODULE_NAME); $tabCloser->save(); // Create: Opens wrapper for Favicon Folder Name $filesOpener = new Field(); $filesOpener->type = new FieldtypeFieldsetOpen(); $filesOpener->name = 'fmOpenFolderName'; $filesOpener->label = 'Wrap Folder Name'; $filesOpener->class = 'inline'; $filesOpener->collapsed = Inputfield::collapsedNever; $filesOpener->addTag(MODULE_NAME); $filesOpener->save(); // Create: Close wrapper for Favicon Folder Name $filesCloser = new Field(); $filesCloser->type = new FieldtypeFieldsetClose(); $filesCloser->name = 'fmOpenFolderName' . FieldtypeFieldsetOpen::fieldsetCloseIdentifier; $filesCloser->label = "Close open fieldset"; $filesCloser->addTag(MODULE_NAME); $filesCloser->save(); // Create Favicon Folder Name $fmField = new Field(); $fmField->type = $this->modules->get("FieldtypeText"); $fmField->name = 'folderName'; $fmField->label = 'Favicon Folder:'; $fmField->description = $this->config->urls->files; $fmField->placeholder = 'Destination Folder for your generated favicons, webmanifest and browserconfig'; $fmField->columnWidth = 100; $fmField->collapsed = Inputfield::collapsedNever; $fmField->setIcon('folder'); $fmField->addTag(MODULE_NAME); $fmField->save(); $fmFieldgroup->add($tabOpener); $fmFieldgroup->add($filesOpener); $fmFieldgroup->add($fmField); $fmFieldgroup->add($filesCloser); $fmFieldgroup->add($tabCloser); $fmFieldgroup->save(); /////////////////////////////////////////////////////////////// // Experimental Markup Tests $wrapperFaviconMagic = new InputfieldWrapper(); $wrapperFaviconMagic->attr('id','faviconMagicWrapper'); $wrapperFaviconMagic->attr('title',$this->_('Favicon Magic')); // field show info what $field = $this->modules->get('InputfieldMarkup'); $field->name = 'use'; $field->label = __('How do I use it?'); $field->collapsed = Inputfield::collapsedNever; $field->icon('info'); $field->attr('value', 'Does this even begin to vaguely work?'); $field->columnWidth = 50; $wrapperFaviconMagic->add($field); $fmTemplate->fields->add($wrapperFaviconMagic); $fmTemplate->fields->save(); ///////////////////////////////////////////////////////////// // Create page $page = $this->wire( new Page() ); $page->template = MODULE_NAME; $page->parent = $this->wire('pages')->get('/'); $page->addStatus(Page::statusHidden); $page->title = 'Favicons'; $page->name = self::PAGE_NAME; $page->process = $this; $page->save(); } }  
    • By Sebi
      Since it's featured in ProcessWire Weekly #310, now is the time to make it official:
      Here is Twack!
      I really like the following introduction from ProcessWire Weekly, so I hope it is ok if I use it here, too. Look at the project's README for more details!
      Twack is a new — or rather newish — third party module for ProcessWire that provides support for reusable components in an Angular-inspired way. Twack is implemented as an installable module, and a collection of helper and base classes. Key concepts introduced by this module are:
      Components, which have separate views and controllers. Views are simple PHP files that handle the output for the component, whereas controllers extend the TwackComponent base class and provide additional data handling capabilities. Services, which are singletons that provide a shared service where components can request data. The README for Twack uses a NewsService, which returns data related to news items, as an example of a service. Twack components are designed for reusability and encapsulating a set of features for easy maintainability, can handle hierarchical or recursive use (child components), and are simple to integrate with an existing site — even when said site wasn't originally developed with Twack.
      A very basic Twack component view could look something like this:
      <?php namespace ProcessWire; ?> <h1>Hello World!</h1> And here's how you could render it via the API:
      <?php namespace Processwire; $twack = $modules->get('Twack'); $hello = $twack->getNewComponent('HelloWorld'); ?> <html> <head> <title>Hello World</title> </head> <body> <?= $hello->render() ?> </body> </html> Now, just to add a bit more context, here's a simple component controller:
      <?php namespace ProcessWire; class HelloWorld extends TwackComponent { public function __construct($args) { parent::__construct($args); $this->title = 'Hello World!'; if(isset($args['title'])) { $this->title = $args['title']; } } } As you can see, there's not a whole lot new stuff to learn here if you'd like to give Twack a try in one of your projects. The Twack README provides a really informative and easy to follow introduction to all the key concepts (as well as some additional examples) so be sure to check that out before getting started. 
      Twack is in development for several years and I use it for every new project I build. Also integrated is an easy to handle workflow to make outputs as JSON, so it can be used to build responses for a REST-api as well. I will work that out in one section in the readme as well. 
      If you want to see the module in an actual project, I have published the code of www.musical-fabrik.de in a repository. It runs completely with Twack and has an app-endpoint with ajax-output as well.
      I really look forward to hear, what you think of Twack🥳!
      Features Installation Usage Quickstart: Creating a component Naming conventions & component variants Component Parameters directory page parameters viewname Asset handling Services Named components Global components Ajax-Output Configuration Versioning License Changelog
    • By Robin S
      Page Reference Default Value
      Most ProcessWire core inputfield types that can be used with a Page Reference field support a "Default value" setting. This module extends support for default values to the following core inputfield types:
      Page List Select Page List Select Multiple Page Autocomplete (single and multiple) Seeing as these inputfield types only support the selection of pages a Page List Select / Page List Select Multiple is used for defining the default value instead of the Text / Textarea field used by the core for other inputfield types. This makes defining a default value a bit more user-friendly.
      Note that as per the core "Default value" setting, the Page Reference field must be set to "required" in order for the default value to be used.
      Screenshot

       
      https://github.com/Toutouwai/PageReferenceDefaultValue
      https://modules.processwire.com/modules/page-reference-default-value/
×
×
  • Create New...