add email tag obfuscation #1895

luyadev · Dec 18, 2018 · a769730 · a769730
1 parent 25fea8d
commit a769730
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 44 deletions.
diff --git a/composer.lock b/composer.lock
diff --git a/core/CHANGELOG.md b/core/CHANGELOG.md
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. This projec
 
 ## 1.0.15 (in progress)
 
+## Changed
+
++ [#1895](https://github.com/luyadev/luya/issues/1895) Changed to email output obfuscation in email tag instead of plain email mailto link.
+
 ### Added
 
 + [#1885](https://github.com/luyadev/luya/issues/1885) Fix issue where current url rule appends path param.
@@ -12,7 +16,7 @@ All notable changes to this project will be documented in this file. This projec
 
 ### Fixed
 
-+ [#1888](https://github.com/luyadev/luya/issues/1888) Fixed issue with ranger values which can have float values.
++ [#1888](https://github.com/luyadev/luya/issues/1888) Fixed issue with range values which can have float values.
 + [#1876](https://github.com/luyadev/luya/issues/1876) Fixed the url generation without module context when using language switcher.
 
 ## 1.0.14 (17. November 2018)

diff --git a/core/composer.lock b/core/composer.lock
diff --git a/core/tag/tags/MailTag.php b/core/tag/tags/MailTag.php
@@ -49,6 +49,38 @@ public function readme()
      */
     public function parse($value, $sub)
     {
-        return Html::mailto((!empty($sub)) ? $sub : $value, $value);
+        return Html::tag('a', Html::encode($sub) ?: $this->obfuscate($value), [
+            'rel' => 'nofollow',
+            'href' => $this->obfuscate('mailto:'.$value),
+            'encoding' => false,
+        ]);
+    }
+
+    /**
+     * Obfucscate email adresse
+     *
+     * @param string $email
+     * @return string
+     * @see https://stackoverflow.com/a/12592364/4611030
+     */
+    public function obfuscate($email)
+    {
+        $alwaysEncode = ['.', ':', '@'];
+        $result = null;
+        // Encode string using oct and hex character codes
+        for ($i = 0; $i < strlen($email); $i++) {
+            // Encode 25% of characters including several that always should be encoded
+            if (in_array($email[$i], $alwaysEncode) || mt_rand(1, 100) < 25) {
+                if (mt_rand(0, 1)) {
+                    $result .= '&#' . ord($email[$i]) . ';';
+                } else {
+                    $result .= '&#x' . dechex(ord($email[$i])) . ';';
+                }
+            } else {
+                $result .= $email[$i];
+            }
+        }
+
+        return $result;
     }
 }