/encode/index.php

https://github.com/pornel/hCardValidator · PHP · 73 lines · 68 code · 3 blank · 2 comment · 1 complexity · 1feaceca087cbd9c1b6d7fd27ebad432 MD5 · raw file 

    

  1. <!DOCTYPE html>
    2. 

  2. <html>
    3. 

  3. <link rel=stylesheet href="/i/style.css">
    4. 

  4. <meta charset=UTF-8>
    5. 

  5. <meta name=robots content="index,nofollow">
    6. 

  6. <title>e-mail address obfuscator</title>
    7. 

  7. <h1>hCard-friendly e-mail address obfuscator</h1>
    8. 

  8. <p>It encodes e-mail addresses using random mix of <code>urlencode</code>, <abbr>HTML</abbr> entities and then generates markup that's as tricky as possible, while remaining <strong>valid and parseable by browsers</strong> and <abbr>XML</abbr>-compliant parsers.
    9. 

  9. <form id=email-encoder>
    10. 

  10. <div><label for=email>e-mail address:</label> <input id=email type=email name=addr required> <small>(<em>obviously</em>, these e-mails are not collected)</small></div>
    11. 

  11. <p><input type=submit value=Encode></p>
    12. 

  12. </form>
    13. 

  13. <?php
    14. 

  14. 

  15. /**
    16. 

  16.  * obfuscates e-mail address
    17. 

  17.  * @param in_attribute - if true, will not put HTML comments in it (result will suitable for use in href)
    18. 

  18.  */
    19. 

  19. function html_encode_email_address($m,$in_attribute=true)
    20. 

  20. {
    21. 

  21.     $o='';
    22. 

  22.     if ($in_attribute)
    23. 

  23.     {
    24. 

  24.         for($i=0;$i<strlen($m);$i++)
    25. 

  25.         {
    26. 

  26.             // apply url-encoding at random just to be more confusing
    27. 

  27.             $o .= (mt_rand(0,100) > 60 || !ctype_alnum($m[$i]))?sprintf('%%%02x',ord($m[$i])):$m[$i];
    28. 

  28.         }
    29. 

  29.         $m = 'mailto:%20'.$o.'?'; $o=''; // query string is allowed in mailto:, even if empty
    30. 

  30.     }
    31. 

  31. 

  32.     for($i=0;$i<strlen($m);$i++)
    33. 

  33.     {
    34. 

  34.         if (!$in_attribute && $i==strlen($m)>>1) $o .= '<!--
    35. 

  35. mailto:abuse@hotmail.com
    36. 

  36. </a>
    37. 

  37. -->&shy;';
    38. 

    39. 

  39.         // random characters are encoded + few special characters for added trickyness.
    40. 

  40.         // <>& are encoded to protect encoder against XSS.
    41. 

  41.         if (mt_rand(0,100) > 40 || false !== strpos(" .:<>&",$m[$i]))
    42. 

  42.         {
    43. 

  43.             // mix of decimal and hexadecimal entities
    44. 

  44.             $format = (mt_rand(0,100) > 66) ? '&#%d;' :
    45. 

  45.                       '&#x%'.((mt_rand()&4)?'X':'x').';';
    46. 

  46.             $o .= sprintf($format, ord($m[$i]));
    47. 

  47.         }
    48. 

  48.         else
    49. 

  49.         {
    50. 

  50.             $o .= $m[$i];
    51. 

  51.         }
    52. 

  52.     }
    53. 

  53.     return $o;
    54. 

  54. }
    55. 

  55. 

  56. if (isset($_GET['addr']))
    57. 

  57. {
    58. 

  58.     $addr = trim($_GET['addr']);
    59. 

  59. 

  60.     // that's class attribute containing newlines and attribute-like syntax.
    61. 

  61.     // should be enough to confuse regex-based extractors
    62. 

  62.     $out = "<a\nclass='email\nhref=\"mailto:x@y\"\n'\nhref\n =\t'\t\n&#x20;" .
    63. 

  63.            html_encode_email_address($addr) .
    64. 

  64.            "\n'>" .
    65. 

  65.            html_encode_email_address($addr,false) .
    66. 

  66.            '</a>';
    67. 

  67. 

  68.     echo '<pre style="padding:2em;border:1px dashed #eee"><code>'.htmlspecialchars($out).'</code></pre>';
    69. 

  69.     echo '<p>Test: '.$out.'</p>';
    70. 

  70. }
    71. 

  71. ?>
    72. 

  72. <hr>
    73. 

  73. <p><a href="/">Return to the hCard Validator</a>.
    74.