3

I'd like to obfuscate an email address on my webpage. I'm hoping to avoid JS in case my users deactivate it.

I found this gem: actionview-encoded_mail_to but it doesn't seem to work for me. It shows the full email address on the page (which is good), but it also shows it in the console.

I tried the 3 examples with the same result. The gem appears in my Gemfile so should be correctly installed.

Lauraponi
  • 319
  • 2
  • 12

1 Answers1

2

You can always roll your own but, first, that gem definitely works. Here's what I did...

Using the Gem

I added the gem to a Rails 4.2 app:

# Gemfile
gem 'actionview-encoded_mail_to'

I installed it:

$ bundle install

I entered the console:

$ rails console

I made the helper methods available in the console:

include ActionView::Helpers::UrlHelper

Called the mail_to helper with the same arguments as the example:

mail_to "me@domain.com", nil, replace_at: "_at_", replace_dot: "_dot_", class: "email"

...and got this result:

"<a class=\"email\" href=\"mailto:me@domain.com\">me_at_domain_dot_com</a>"

That "me_at_domain_dot_com" looks properly obfuscated. What steps did you take?

Rolling your own obfuscation

It would be a trivial string substitution to obfuscate an email string, we can just use sub:

def obfuscate_email(email, replace_at: '_at_', replace_dot: '_dot_')
  email.sub("@", replace_at).sub ".", replace_dot
end

I tested that out in the console:

obfuscate_email "me@example.com"
# => "me_at_example_dot_com"

You can place that method in application_helper.rb and use it in any of your views:

link_to obfuscate_email(user.email), "mailto:#{user.email}"
# => "<a href=\"mailto:me@example.com\">me_at_example_dot_com</a>"

Note that the href must be the unobfuscated email in order for it to work properly.

Towards a more complete mail_to helper

def obfuscated_mail_to(email, options = {})
  link_to obfuscate_email(email), "mail_to:#{email}", options
end

Testing that in the console:

obfuscated_mail_to "me@example.com", class: "email"
=> "<a class=\"email\" href=\"mail_to:me@example.com\">me_at_example_dot_com</a>"

Hope that helps!

DiegoSalazar
  • 13,361
  • 2
  • 38
  • 55
  • (This is in reference to the gem, not your answer) the mail_to isn't obfuscated, when using that gem, which to me makes it basically useless? i mean you are trying to prevent automated scraping, so unless you don't include the mail_to, or change it, even a simple bot can pull the page, yank all the mail_to and have access to the email address. All it appears to do is make harder for the end user to cut/paste it. Now if it didn't have the mailto: link it would be somewhat more obfuscated... – Doon Sep 15 '16 at 15:00
  • That's right, the `href` of the link tag isn't obfuscated because then it wouldn't work. It would open your mail client and add the obfuscated email to the `to:` field of the email, so you'd have to deobfuscate it before sending the email. You have to make a decision, do you want a functioning `mail_to` or do you want to completely obfuscate the email and strip it of its default functionality? In the latter case just place the obfuscated email as a plain string on your page: `My email: <%= obfuscate_email user.email %>` – DiegoSalazar Sep 15 '16 at 15:08
  • Ok, both your answers make sense. I did hope that the href email would be obfuscated since that seems to be the only way a scrapper wouldn't get it, and I did wonder how obfuscating it would allow to send the email. Tx! – Lauraponi Sep 16 '16 at 12:04