blob: 0a8d6f567673096a47205e870c4602996594e0be (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
The markdown syntax states that emails are written with html entities, but in ikiwiki only one part is encoded as it. For reference see <http://daringfireball.net/projects/markdown/syntax#misc>.
In the HTML page I get this:
<a href="mailto:XXXXXXXXXX@gmail.com">mmassonnet@gmail.com</a>
while it the href="" attribute should also be encoded.
--mike
> The htmlscrubber removes entity encoding obfuscation from tag attributes
> This has to be done because such entity encoding can be used to hide
> javascript and other nonsense in html tag attributes. As a consequence,
> markdown's mail obfuscation is reverted.
>
> I don't really see this as a serious issue, because if I were working for
> a spammer, I would include entity decoding in my web spider that searched
> for emails. And I could do it easily, as evidenced by the code in the
> htmlscrubber that doe it. So I assume this technique is not very effective
> at blocking spam. --[[Joey]]
|