JavaScript spam filter

Question

I tried to make a spam filter for my e-mail by JavaScript. Unfortunately the code won't be passed by a validator. Can anyone say what are the mistakes in my code in http://jaakkospage.comyr.com/ ?

If you want to contact, please send me an
<script type="text/javascript">
// Email obfuscator script 2.1 by Tim Williams, University of Arizona
// Random encryption key feature by Andrew Moulden, Site Engineering Ltd
// This code is freeware provided these four comment lines remain intact
// A wizard to generate this code is at http://www.jottings.com/obfuscator/
{ coded = "sppDD0.s.fBxxpYp@ULpJY.Q0L?fjHsBQi=LpJY 5m0L iVB cBHxpUB"
  key = "r3uREWBMXSnIezJANyZHi2Dq8btKkGv7PQFd4VTc51xh9wf0pCLYsoaUmljO6g"
  shift=coded.length
  link=""
  for (i=0; i<coded.length; i++) {
    if (key.indexOf(coded.charAt(i))==-1) {
      ltr = coded.charAt(i)
      link += (ltr)
    }
    else {     
      ltr = (key.indexOf(coded.charAt(i))-shift+key.length) % key.length
      link += (key.charAt(ltr))
    }
  }
document.write("<a href='mailto:"+link+"'>e-mail.</a>")
}
//-->
</script><noscript>Sorry, you need Javascript on to email me.</noscript>

Some of the validation errors:

Line 42, Column 27: character ";" not allowed in attribute specification list

for (i=0; i<coded.length; i++) {

Line 42, Column 27: element "coded.length" undefined

for (i=0; i<coded.length; i++) {

You have used the element named above in your document, but the document type you are using does not define an element of that name. This error is often caused by:

incorrect use of the "Strict" document type with a document that uses frames (e.g. you must use the "Frameset" document type to get the "" element), by using vendor proprietary extensions such as "" or "" (this is usually fixed by using CSS to achieve the desired effect instead). by using upper-case tags in XHTML (in XHTML attributes and elements must be all lower-case).

Answer 1

The basic issue here is that you have a <script> tag that contains a < sign. The XHTML parser sees that as the beginning of a new tag, which it believes is called coded.length.

There are a few possible solutions. One is to put in the opening comment delimiter. You have the closing delimiter -->, but not the opening delimiter. You just have to add a line containing <!-- right after the <script> to get this to work. When I try that on your page, though I get a validation error about the <noscript> element. <noscript> appears to have some serious problems in XHTML 1.1, I'm not sure how to get it to both work and validate.

Of course, you appear to be serving your XHTML with mime type text/html, which is technically incorrect, and which means that browsers actually parse it as HTML, not as XHTML. See Sending XHTML as text/html Considered Harmful for some information on why this is a bad idea (though some of the reasons on that page are out of date, as they refer to old browsers that basically no one is using any more).

Another solution is to switch from an XHTML doctype to HTML5. This is a new, much easier to use doctype, that is more closely based on how browsers actually parse your HTML. All you have to do is change your <!DOCTYPE html SYSTEM ...> declaration to <!DOCTYPE html>. That's it! Well, you'll also have to remove your </meta> close tag, or turn it into a self closing element <meta ... />. In this case, you don't need the comments around the contents of the <script> element; the parser will ignore all < signs up to the next </script>.

Answer 2

The reason your code does not validate is because inside <script></script> you must use HTML entitites to represent HTML chars like < > &

the parser complains about <coded.length element not defined because the validator is seeing a HTML tag there

The most simple option is to escape to HTML entities the content st the script tag, a better move is to have your JS at a different file, linked to your page

Answer 3

I suggest moving the javascript into a separate .js file. This should allow the HTML to pass validation. It is a good practice to have this separation.