Tuesday, 23 June 2009

Javascript munging broken? Here's a solution

As pointed out in this slashdot article, Google has broken javascript email munging as suggested by projecthoneypot.org.

Of course, there are a few easy ways around this, and lots of not-as-easy methods.

  • Since Google obeys robots.txt, move the munging javascript to obfusmail.js and add it to the disallow list in robots.txt.
  • Use onmousemove or onmouseover on the body or even on an image displaying the email to swap said image or a blank text area for the email in question.
  • AFAIK google doesn't use cookies when spidering; store a randomly generated piece of data in a cookie, and xor the the password with it on both sides.
  • Use an ascii font to display the email. Dynamically, if you feel like really having fun with it.
  • And so on and so forth...

So the short version? Swap the most naive js mungers for something a bit smarter. An extra five lines of code or of annotations. It's not the end of the world. And when that gets beaten... move to the next solution. There will always be problems with usability for the visually impaired, for those who refuse to use js or cookies, and so on, and that's why you have a separate direct contact form. Right?