Reputation: 3873
How to prevent browser from replacing email in text field with JavaScript?
I have a field in a form like so:
<input type="text" name="email" />
I'm using PHP to check the validity of the form, which contains other fields in addition to this one. If the validity check fails, I store the values in the session and output the form again with an error message and the form values prepopulated.
If I add an email, say "[email protected]", and the form invalidates, then "[email protected]" gets replaced with JS:
<script type='text/javascript'> <!-- var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy34269 = 'person' + '@'; addy34269 = addy34269 + 'example' + '.' + 'com'; document.write('<a ' + path + '\'' + prefix + ':' + addy34269 + '\'>'); document.write(addy34269); document.write('<\/a>'); //-->\n </script><script type='text/javascript'> <!-- document.write('<span style=\'display: none;\'>'); //--> </script>This email address is being protected from spambots. You need JavaScript enabled to view it. <script type='text/javascript'> <!-- document.write('</'); document.write('span>'); //--> </script>
Needless to say this is not what I want. This happens in Chrome and Firefox; I'm not sure about the others. How can I prevent the browser from replacing the email after form invalidation?
I had thought of using str_replace to make the email not look like an email, then use JS to do another string replacement to bring it back to its original value, but I'd like to do this without JS if possible. Any ideas?
Upvotes: 1
Views: 1830
Answers (3)
Reputation: 61
This happens when you have cloudflare activated as you CDN with the highest security settings. You can log into your cloudflare account and change your setting to moderate.
Also if you are using joomla, you can add {emailcloak=off} in front of the email address that is being replaced. For example: {emailcloak=off} [email protected]
This usually fixes the issue.
Upvotes: 1
Reputation: 21881
As you (or your host) is using Joomla! you can disable the "Email cloaking" Plugin completly or disable the cloaking feature for a single email as discussed here
Upvotes: 1
Reputation: 85
I've seen this before. I use CloudFare on my sites and email address in plaintext are encoded to prevent them from being stolen by spambots. You might have a similar service which helps protect your web host.
<script type='text/javascript'> <!-- var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy34269 = 'person' + '@'; addy34269 = addy34269 + 'example' + '.' + 'com'; document.write('<a ' + path + '\'' + prefix + ':' + addy34269 + '\'>'); document.write(addy34269); document.write('<\/a>'); //-->\n </script><script type='text/javascript'> <!-- document.write('<span style=\'display: none;\'>'); //--> </script>This email address is being protected from spambots. You need JavaScript enabled to view it. <script type='text/javascript'> <!-- document.write('</'); document.write('span>'); //--> </script>
Read through the code carefully and you will notice how it states "This email address is being protected from spambots."
EDIT: This is a server side edit so every browser that requests the page will get that result.
Upvotes: 1
Related Questions
- Spam Prevention/Reduction - Contact Form?
- How to make email submit form hide "form action=bla-bla.php" part from bots?
- Hide Email address in contact form without PHP
- Using JavaScript to prevent email address to be used by bots
- prevent spam messages in a contact form
- Contact Form anti-spam JavaScript and/or PHP
- Email anti spam PHP
- Protecting Froms From Scriptable Spamming
- Need a little help with anti email spam javascript
- Hiding email from spambots without using javascript