Jump to content
Roope

Email Obfuscation (EMO)

Recommended Posts

Thanks @Roope! The hook didn't work within the page template (maybe too late there) but did work in /site/ready.php

Share this post


Link to post
Share on other sites
On 9/28/2016 at 10:30 AM, Bacelo said:

 


<?php echo '<script src="' . $config->urls->siteModules . 'EmailObfuscation/emo.min.js"></script>'; ?>

This works fine as before - the script gets included just fine.

But, none of the included E-Mails addresses are replaced with any text and elements at all. They are still untouched present in plain text.

 

I ran into a similar issue with v1.1.0. using Javascript Loading method: Load file to $config->scripts 

emo.min.js is included on the page before the <!-- emo --> script block which defines var emo_addr. The function emo_replace() never gets called because at the point of script inclusion emo_addr === undefined. In v1.5 of  emo.js window.onload was removed. So the script never executes when emo.min.js is included before the <!-- emo --> script block.

I have refactored emo.js as an object literal and modified the module Code so that the script block calls emo.init(emo_addr) after defining the addresses.

emo.thumb.png.162cbf4268f1b57ca53fb32f3182e542.png

Tested without problems. Modified module can be found at https://github.com/gebeer/EmailObfuscation/tree/dev

@Roope do you want a PR for that?

Share this post


Link to post
Share on other sites

Hello @gebeer!

I made a convert to object literal on your supposal but it had issue when "JavaScript loading method" was set to:manual (where emo.js is loaded after the inline script block). So script init is now again attached to the window onload event and emo.js can be included at any part of page. Thanks for the report!

I also dropped ProcessWire namespace for continued 2.x support, thanks for a remind @Robin S! That was maybe too hesitated and no requirements for it.

Version bumped to 1.1.1 and it's available at GitHub:
https://github.com/BlowbackDesign/EmailObfuscation/releases/tag/1.1.1

Besides bugfixes this version adds support to multilanguage nosript text and template cache.

  • Like 2

Share this post


Link to post
Share on other sites

Looking a bit closer at this, it looks like it's just Chrome on an Android mobile, desktop sees to be OK now. Every other browser I've tried is fine.

Share this post


Link to post
Share on other sites
On 1/12/2017 at 10:23 AM, PWaddict said:

How can I re-initiate it via AJAX?

On 1/12/2017 at 2:41 PM, Roope said:

Currently this is not possible.

Would be really great, if this module could be used via Ajax. 😉

 

Share this post


Link to post
Share on other sites

New EMO version 1.2.0 released!

https://github.com/BlowbackDesign/EmailObfuscation/releases/tag/1.2.0

In this version only encryption key is stored in the emo object of html document and crypted email strings as data attributes to span elements that are used to replace found email addresses. This makes it possible to obfuscate emails generated within AJAX request.

There is also a new option at module config to lock the encryption key so that it does not change on every session like it does by default. This is required if you are caching AJAX output for more than session lifetime. Otherwise this option is good leave disabled.

Here is quick example of a simple AJAX request with obfuscated output:

<?php namespace ProcessWire;

if($config->ajax) {
  $str = "<p><a href='mailto:foo@bar.com'>Click to mail</a></p>";
  // auto obfuscation works only when complete html document is rendered so you
  // need to do manual obfuscation on AJAX calls even when mode is set to auto
  echo $sanitizer->emo($str);
  return $this->halt();
}

?>
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>EMO ajax example</title>
</head>
<body>

  <p>john@doe.com</p>
  <div id="result"></div>
  <p><button onclick="sendExample()">Show me some</button></p>

  <script>
    var sendExample = function() {
      var xhttp = new XMLHttpRequest();
      xhttp.open("POST", "<?= $page->url ?>", true);
      xhttp.setRequestHeader("X-Requested-With", "XMLHttpRequest");
      xhttp.onreadystatechange = function() {
        if(this.readyState == 4 && this.status == 200) {
          document.getElementById("result").innerHTML = xhttp.response;
          // run emo init when there's something new to digest
          emo.init();
        }
      };
      xhttp.send();
    };
  </script>

</body>
</html>

 

  • Like 3

Share this post


Link to post
Share on other sites

Just a warning, this seems to have a conflict with SEO Maestro module?  I can't diagnose much as I'm at work and it's very busy at the moment.  Can anyone else confirm this?

Thanks.

Share this post


Link to post
Share on other sites
On 2/25/2020 at 5:10 AM, grimezy said:

Just a warning, this seems to have a conflict with SEO Maestro module?  I can't diagnose much as I'm at work and it's very busy at the moment.  Can anyone else confirm this?

Thanks.

I can't confirm.

Running PW 3.0.123 + latest versions on both of modules.

What kind of issues are you facing?

Share this post


Link to post
Share on other sites
Posted (edited)

I am having a different issue. With v1.2.0. I get this warning: 
Warning
array_key_exists() expects parameter 2 to be array, null given
File: .../EmailObfuscation/EmailObfuscation.module:352

352 if(!is_array($options) && !array_key_exists('pageStack', $options)) {
          return false;
    }

If $options passes the first test, it is not an array. The second test checks for array_key_exists in a non-array. Hence the warning.

The error is being triggered when $options is null.

As a temp workaround I amended the if statement to read

if(is_array($options) && !array_key_exists('pageStack', $options)) {
	return false;
}

Not sure though if this is correct. Maybe you wanted to return false when $options is not an array, too?

 

Edited by gebeer
typo

Share this post


Link to post
Share on other sites

Hello @gebeer (and @grimezy) and thanks for the info!

I was able to reproduce this and it was purely silly mistake I made when I was rearranging stuff. The is_array check in this condition is there only to prevent such a warning in array_key_exists function.

This is now fixed in 1.2.1 version.

And finally in 1.2.2 version.

While I was there I also added conditional autoload to block admin pages which is proposed by @tpr in this thread already long ago.

Thanks!

  • Like 2

Share this post


Link to post
Share on other sites

Hi,

I had this piece of code in my template file's head section, a fix for older IE browsers:

<!--[if lt IE 9]>
    <script src="<?=$config->urls->templates?>js/html5-3.6-respond-1.4.2.min.js"></script>
    <script src="<?=$config->urls->templates?>js/rem.min.js"></script>
<![endif]-->

EMO 1.2.2 inserted its own code inside the conditional comment which resulted in it not working properly (in browsers other than old IE, of course):

<!--[if lt IE 9]>
<script>
var emo = emo || {};
emo.key = 'PDHeN7ZbGViB1m0ATUpc5rC3tY_8fgEqkl6dw2nMKQSLxWouahI.4vJFyOXzs9Rj';
</script>
	<script src="/site/templates/js/html5-3.6-respond-1.4.2.min.js"></script>
	<script src="/site/templates/js/rem.min.js"></script>
<![endif]-->

I don't know the exact way EMO determines where to place its code, but it should probably make sure its JS does not end up in any conditional comment.

Apart from that, thanks a lot for a very useful module.

Michael

Share this post


Link to post
Share on other sites

the "enable Javascript" message is currently appearing in both Chrome and Safari for Mac in place of email addresses.

EMO is inserting into a conditional comment, as noted by Michael.

Screen Shot 2020-03-30 at 12.41.49 PM.png

Share this post


Link to post
Share on other sites

Hello @CalleRosa40 and @Brian Williamson!

And thanks for the notice!

The logic with EMO insert changed at 1.2.x update and I haven't got time to push the update yet so in a meantime please use the version 1.1.1 instead as it works without any issues. I'll try to find some time to fix the script insert to head ASAP!

https://github.com/BlowbackDesign/EmailObfuscation/releases/tag/1.1.1

  • Like 2

Share this post


Link to post
Share on other sites

Can also confirm that the latest version affects email addresses entered in a FormBuilder field, so the visitor gets an "Invalid content" error but can't see any reason why they should.

Share this post


Link to post
Share on other sites

@Roope, a feature request: it would be great if it was possible to avoid the email replacement within elements that are given a particular HTML class, e.g. "no-emo".

My current issue is that if I show an email address as the value of a text input or textarea then EMO replaces those strings, which create invalid markup. Probably EMO shouldn't touch emails that are the values of form elements, but it would also be handy to be able to disable EMO inside other elements so I thought I'd request that class option.

  • Like 1

Share this post


Link to post
Share on other sites

Hi all!

Issue with script insert to the head section is now fixed in version 1.2.3

https://github.com/BlowbackDesign/EmailObfuscation/releases/tag/1.2.3

@CalleRosa40 and @Brian Williamson please update and report back if you're still facing any problems.

@creativejay and @Robin S - EMO has skipped form tags on obfuscation since day one and I haven't been able to reproduce this error so I'm kind of lost here why are you guys facing this issue with recent 1.2.x update.

For example, none of the addresses in the markup below are not touched:

<form action="/">
  <p>john@doe.com</p>
  <input type="text" name="email" value="john@doe.com">
  <textarea name="message">john@doe.com</textarea>
</form>

Using no-emo class on element to avoid obfuscation is a nice idea but not so easy to implement safely to the current logic based on regular expressions.

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, Roope said:

EMO has skipped form tags on obfuscation since day one and I haven't been able to reproduce this error

To reproduce, put an input element in your template that is not within a form.

<input type="text" value="someone@domain.com">

2020-04-17_102446.jpg.d5adb48e51729b70937f0ee9f024e32a.jpg

It's valid to use inputs, textareas, etc outside of a form element.

  • Like 1

Share this post


Link to post
Share on other sites
On 4/17/2020 at 1:25 AM, Robin S said:

It's valid to use inputs, textareas, etc outside of a form element.

Yes, I'm well aware that it is completely valid to have inputs and such outside of a form element and with email address EMO breaks the markup but I thought this was not the issue in your case since there was already previous post from creativejay about problems with FormBuilder and you also mentioned that EMO shoudn't touch values of form elements but you were literally talking about inputs and such, not the form element itself. Sorry about that.

There are also another technically valid situations where EMO fails e.g. like having an email inside data attribute. Generally it is kind of compicated topic to automatically replace email address by new node in every possible case without breaking things.

Anyway, current state where EMO skips whole content inside form element is not ideal since there are many cases where you can have email addresses inside form where they should get obfuscated but currenly are not. Like the one in my previous form example where email inside p element should be touched but it's not.

That said maybe we should remove the form element completely from ignored elements and concentrate only at form elements (what you suggested actually) like input, option and textarea where most likely touching email addresses will give us headaches.

I'll look into it.

  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Gadgetto
      SnipWire - Snipcart integration for ProcessWire
      Snipcart is a powerful 3rd party, developer-first HTML/JavaScript shopping cart platform. SnipWire is the missing link between Snipcart and the content management framework ProcessWire.
      With SnipWire, you can quickly turn any ProcessWire site into a Snipcart online shop. The SnipWire plugin helps you to get your store up and running in no time. Detailed knowledge of the Snipcart system is not required.
      SnipWire is free and open source licensed under Mozilla Public License 2.0! A lot of work and effort has gone into development. It would be nice if you could donate an amount to support further development:

      Status update links (inside this thread) for SnipWire development
      2020-07-03 -- SnipWire 0.8.7 (beta) released! Fixes some small bugs and adds an indicator for TEST mode 2020-04-06 -- SnipWire 0.8.6 (beta) released! Adds support for Snipcart subscriptions and also fixes some problems 2020-03-21 -- SnipWire 0.8.5 (beta) released! Improves SnipWires webhooks interface and provides some other fixes and additions 2020-03-03 -- SnipWire 0.8.4 (beta) released! Improves compatibility for Windows based Systems. 2020-03-01 -- SnipWire 0.8.3 (beta) released! The installation and uninstallation process has been heavily revised. 2020-02-08 -- SnipWire 0.8.2 (beta) released! Added a feature to change the cart and catalogue currency by GET, POST or SESSION param 2020-02-03 -- SnipWire 0.8.1 (beta) released! All custom classes moved into their own namespaces. 2020-02-01 -- SnipWire is now available via ProcessWire's module directory! 2020-01-30 -- SnipWire 0.8.0 (beta) first public release! (module just submitted to the PW modules directory) 2020-01-28 -- added Custom Order Fields feature (first SnipWire release version is near!) 2020-01-21 -- Snipcart v3 - when will the new cart system be implemented? 2020-01-19 -- integrated taxes provider finished (+ very flexible shipping taxes handling) 2020-01-14 -- new date range picker, discount editor, order notifiactions, order statuses, and more ... 2019-11-15 -- orders filter, order details, download + resend invoices, refunds 2019-10-18 -- list filters, REST API improvements, new docs platform, and more ... 2019-08-08 -- dashboard interface, currency selector, managing Orders, Customers and Products, Added a WireTabs, refinded caching behavior 2019-06-15 -- taxes provider, shop templates update, multiCURL implementation, and more ... 2019-06-02 -- FieldtypeSnipWireTaxSelector 2019-05-25 -- SnipWire will be free and open source Plugin Key Features
      Fast and simple store setup Full integration of the Snipcart dashboard into the ProcessWire backend (no need to leave the ProcessWire admin area) Browse and manage orders, customers, discounts, abandoned carts, and more Multi currency support Custom order and cart fields Process refunds and send customer notifications from within the ProcessWire backend Process Abandoned Carts + sending messages to customers from within the ProcessWire backend Complete Snipcart webhooks integration (all events are hookable via ProcessWire hooks) Integrated taxes provider (which is more flexible then Snipcart own provider) Useful Links
      SnipWire in PW modules directory SnipWire Docs (please note that the documentation is a work in progress) SnipWire @GitHub (feature requests and suggestions for improvement are welcome - I also accept pull requests) Snipcart Website  

       
      ---- INITIAL POST FROM 2019-05-25 ----
       
    • By Sten
      Hello
      Till now I hacked something with the twig template but it works no more with new PW versions so I look forward to create a module. I am working on a site in multiple languages : French, English, Italian, German, Spanish, Portuguese, Hebrew, Russian. The new posts are entered in any language with a field for language. Till now, I got twig files to get the translations with constants defined for each part of the pages.
      So I'd like to create a module to include theses files added according to the url /fr/en/...
      Have you some observations to do before I begin about the direction to take ?
      Thank you
    • By ukyo
      Mystique Module for ProcessWire CMS/CMF
      Github repo : https://github.com/trk/Mystique
      Mystique module allow you to create dynamic fields and store dynamic fields data on database by using a config file.
      Requirements
      ProcessWire 3.0 or newer PHP 7.0 or newer FieldtypeMystique InputfieldMystique Installation
      Install the module from the modules directory:
      Via Composer:
      composer require trk/mystique Via git clone:
      cd your-processwire-project-folder/ cd site/modules/ git clone https://github.com/trk/Mystique.git Module in live reaction with your Mystique config file
      This mean if you remove a field from your config file, field will be removed from edit screen. As you see on youtube video.
      Using Mystique with your module or use different configs path, autoload need to be true for modules
      Default configs path is site/templates/configs/, and your config file name need to start with Mystique. and need to end with .php extension.
      Adding custom path not supporting anymore !
      // Add your custom path inside your module class`init` function, didn't tested outside public function init() { $path = __DIR__ . DIRECTORY_SEPARATOR . 'configs' . DIRECTORY_SEPARATOR; Mystique::add($path); } Mystique module will search site/modules/**/configs/Mystique.*.php and site/templates/Mystique.*.php paths for Mystique config files.
      All config files need to return a PHP ARRAY like examples.
      Usage almost same with ProcessWire Inputfield Api, only difference is set and showIf usage like on example.
      <?php namespace ProcessWire; /** * Resource : testing-mystique */ return [ 'title' => __('Testing Mystique'), 'fields' => [ 'text_field' => [ 'label' => __('You can use short named types'), 'description' => __('In file showIf working like example'), 'notes' => __('Also you can use $input->set() method'), 'type' => 'text', 'showIf' => [ 'another_text' => "=''" ], 'set' => [ 'showCount' => InputfieldText::showCountChars, 'maxlength' => 255 ], 'attr' => [ 'attr-foo' => 'bar', 'attr-bar' => 'foo' ] ], 'another_text' => [ 'label' => __('Another text field (default type is text)') ] ] ]; Example:
      site/templates/configs/Mystique.seo-fields.php <?php namespace ProcessWire; /** * Resource : seo-fields */ return [ 'title' => __('Seo fields'), 'fields' => [ 'window_title' => [ 'label' => __('Window title'), 'type' => Mystique::TEXT, // or InputfieldText 'useLanguages' => true, 'attr' => [ 'placeholder' => __('Enter a window title') ] ], 'navigation_title' => [ 'label' => __('Navigation title'), 'type' => Mystique::TEXT, // or InputfieldText 'useLanguages' => true, 'showIf' => [ 'window_title' => "!=''" ], 'attr' => [ 'placeholder' => __('Enter a navigation title') ] ], 'description' => [ 'label' => __('Description for search engines'), 'type' => Mystique::TEXTAREA, 'useLanguages' => true ], 'page_tpye' => [ 'label' => __('Type'), 'type' => Mystique::SELECT, 'options' => [ 'basic' => __('Basic page'), 'gallery' => __('Gallery'), 'blog' => __('Blog') ] ], 'show_on_nav' => [ 'label' => __('Display this page on navigation'), 'type' => Mystique::CHECKBOX ] ] ]; Searching data on Mystique field is limited. Because, Mystique saving data to database in json format. When you make search for Mystique field, operator not important. Operator will be changed with %= operator.
      Search example
      $navigationPages = pages()->find('my_mystique_field.show_on_nav=1'); $navigationPages = pages()->find('my_mystique_field.page_tpye=gallery');
    • By Robin S
      This is a module I made as an experiment a while ago and never got around to releasing publicly. At the time it was prompted by discussions around using Repeater fields for "page builder" purposes, where the depth feature could possibly be used for elements that would be nested inside other elements. I thought it would be useful to enforce some depth rules and translate the depth data into a multi-dimensional array structure.
      I'm not using this module anywhere myself but maybe it's useful to somebody.
      Repeater Depth Helper
      This module does two things relating to Repeater fields that have the "Item depth" option enabled:
      It enforces some depth rules for Repeater fields on save. Those rules are:
      The first item must have a depth of zero. Each item depth must not be more than one greater than previous item depth. It provides a RepeaterPageArray::getDepthStructure helper method that returns a nested depth structure for a Repeater field value.
      Helper method
      The module adds a RepeaterPageArray::getDepthStructure method that returns a multi-dimensional array where the key is the page ID and the value is an array of nested "child" items, or null if there are no nested children.
      Example

      The module doesn't make any assumptions about how you might want to use the depth structure array, but here is a way you might use it to output a nested unordered list.
      // Output a nested unordered list from a depth structure array function outputNestedList($depth_structure, $repeater_items) { $out = "<ul>"; foreach($depth_structure as $page_id => $nested_children) { $out .= "<li>" . $repeater_items->get("id=$page_id")->title; // Go recursive if there are nested children if(is_array($nested_children)) $out .= outputNestedList($nested_children, $repeater_items); $out .= "</li>"; } $out .= "</ul>"; return $out; } $repeater_items = $page->my_repeater; $depth_structure = $repeater_items->getDepthStructure(); echo outputNestedList($depth_structure, $repeater_items);
       
      https://github.com/Toutouwai/RepeaterDepthHelper
      https://modules.processwire.com/modules/repeater-depth-helper/
    • By MoritzLost
      Cacheable Placeholders
      This module allows you to have pieces of dynamic content inside cached output. This aims to solve the common problem of having a mostly cacheable site, but with pieces of dynamic output here and there.  Consider this simple example, where you want to output a custom greeting to the current user:
      <h1>Good morning, <?= ucfirst($user->name) ?></h1> This snippet means you can't use the template cache (at least for logged-in users), because each user has a different name. Even if 99% of your output is static, you can only cache the pieces that you know won't include this personal greeting. A more common example would be CSRF tokens for HTML forms - those need to be unique by definition, so you can't cache the form wholesale.
      This module solves this problem by introducing cacheable placeholders - small placeholder tokens that get replaced during every request. The replacement is done inside a Page::render hook so it runs during every request, even if the response is served from the template cache. So you can use something like this:
      <h1>Good morning, {{{greeting}}}</h1> Replacement tokens are defined with a callback function that produces the appropriate output and added to the module through a simple hook:
      // site/ready.php wire()->addHookAfter('CachePlaceholders::getTokens', function (HookEvent $e) { $tokens = $e->return; $tokens['greeting'] = [ 'callback' => function (array $tokenData) { return ucfirst(wire('user')->name); } ]; $e->return = $tokens; }); Tokens can also include parameters that are parsed and passed to the callback function. There are more fully annotated examples and step-by-step instructions in the README on Github!
      Features
      A simple and fast token parser that calls the appropriate callback and runs automatically. Tokens may include multiple named or positional parameters, as well as multi-value parameters. A manual mode that allows you to replace tokens in custom pieces of cached content (useful if you're using the $cache API). Some built-in tokens for common use-cases: CSRF-Tokens, replacing values from superglobals and producing random hexadecimal strings. The token format is completely customizable, all delimiters can be changed to avoid collisions with existing tag parsers or template languages. Links
      Github Repository & documentation Module directory If you are interested in learning more, the README is very extensive, with more usage examples, code samples and usage instructions!
×
×
  • Create New...