Register | Log In
Download Contact
Resources > Forums
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...mailto: obfuscation in DNN 5.x and 6.xmailto: obfuscation in DNN 5.x and 6.x
Previous
 
Next
New Post
2/27/2012 6:57 AM
 
User is offline jimeverett

Joined: 7/24/2006
Posts: 4

We have recently begun using DNN 5.6.2 and 6.1.3 for new clients after a couple of years on 4.8.  Among the many improvements are a couple of problems that I cannot pin down, including mailto obfuscation.

In the plain text "Basic Text Box" view of the HTML module the email link is stored as simple HTML with no obfuscation. 

<a href="mailto:ewds@strath.ac.uk?subject=some%20subject">email </a>

 When the content is rendered javascript code is injected to re-configure the content as 

<a .uk?subject="some%20subject"" href=" window.location.replace('ma'+'ilto:'+'ewds'+'@'+'strath'+'.ac')">email </a>

I cannot find anywhere to change the javascript injection to cope with "3 part" domain names
 
New Post
2/27/2012 10:32 PM
 
User is offline cathal connolly


cathal connolly's Avatar

cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 7401
most odd, not something i've seen. We do have a core function (CloakText) which can also be called by the core FormatEmail function which does mailto obfuscation, but it doesnt split up the mailto in that way (it actually encodes each character in turn so has no domain name logic). Is this in a particular module you're seeing it or in all html modules? Also can you check what editor provider you're using (the defaultProvider value of the htmlEditor node in web.config) as I'm not aware of all providers, perhaps it's a function provided by one of them.
 
New Post
2/28/2012 7:10 PM
 
User is offline Sebastian Leupold


Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

www.dnnwerk.de
Joined: 3/8/2004
Posts: 36865
Which HTML editor provider are you using? (see web.config file or Host > HTML Editor config)
Cheers from Germany,
Sebastian Leupold (DotNetNuke MVP)

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group   European Network of DotNetNuke Professionals
 
New Post
2/29/2012 5:02 AM
 
User is offline jimeverett

Joined: 7/24/2006
Posts: 4

I must confess I had jumped to the assumption that because I was seeing this in our new 5.x and 6.x instances it must have been something in these new versions.  As this is clearly not the case from the responses so far (and such a quick response is really great) I went back and had a closer look.

It turns our the culprit is PageBlaster.  We always install PageBlaster for the caching and did the same for these new versions.  What we did not spot is a rule in the config called "Mailto cloaker" that is replacing the mailto links with the javascript that I reported.

Commenting out the rule has solved the problem.  As a matter of interest the rule is

<rule>
                    <ruleName>MailTo Cloaker</ruleName>
                    <searchFor>href=['"]?mailto:(\w+[a-zA-Z0-9.\-_]*)@(\w+)\.(\w+)['"]?</searchFor>
                    <replaceWith>href=" window.location.replace('ma'+'ilto:'+'$1'+'@'+'$2'+'.$3')"</replaceWith>
</rule>

We will probably try to rewrite the regex to accommodate uk email addresses, but for now we have it fixed.

Thanks again for the quick response that pointed us in the right direction.
 
New Post
2/29/2012 5:21 PM
 
User is offline cathal connolly


cathal connolly's Avatar

cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 7401
No problem, glad you found the issue and thanks for posting the details back here -it may end up helping someone else as multiple level top-level domains are pretty common -it may be worth contacting Snapsis and seeing if John will add the fix to a future release.
 
 Page 1 of 1
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...mailto: obfuscation in DNN 5.x and 6.xmailto: obfuscation in DNN 5.x and 6.x


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.

Attend A Webinar
Start Professional Edition Trial
Have Someone Contact Me

Like Us on Facebook Join our Network on LinkedIn Follow DNN Corporate on Twitter Follow DNN on Twitter

Advertisers

Sponsors

DotNetNuke Corporation

DotNetNuke (DNN) provides a suite of solutions that make designing, building and managing feature-rich sites and communities fast, easy and cost-effective. The DotNetNuke Platform CMS is the foundation for more than one million websites worldwide. DNN Social, our newest solution, enables businesses to create immersive, interactive communities. Thousands of organizations like True Value Hardware, Bose, Cornell University, Glacier Water, Dannon, Delphi, USAA, NASCAR, Northern Health and the City of Denver have leveraged DNN to deploy highly engaging business- critical websites. Our rapid growth in product sales and deployments resulted in DotNetNuke Corp. being named one of the fastest growing private companies in America by Inc. Magazine in 2011 and 2012.
Copyright © 2002-2013 DotNetNuke Corp. / Terms of Use / Privacy
Hosted by MaximumASP