safe_mailto() with <noscript> fallback

[eluser]Prophet[/eluser]
Hi everybody. When developing applications I like to consider the ~5% of users that browse the internet without javascript. I noticed today that CI's safe_mailto() function doesn't return any sort of no-javascript-friendly value.

Here is my fix. It may be a bit crude but it was the best I could come up with in a short timeframe. Hopefully somebody else finds this useful.

There are two ways of implementing my solution. The first is to extend the URL helper by creating system/application/helpers/MY_url_helper.php. The forum wasn't displaying the code properly when I submitted this post so you can view the code here: http://stock.mindinternet.co.nz/fm/downl...helper.txt.

Or you can modify the safe_mailto() function in helpers/url_helper.php:

Code:

/* This goes after the /script tag (line 351 for me) */
<noscript>&lt;?php
$x_len = count($x);
for ($i = $x_len-1; $i >= 0; $i--)
{
    if (substr($x[$i], 0, 1) == '|')
    {
        echo '&#'.substr($x[$i], 1).';';
    }
    else
    {
        echo $x[$i];
    }
} ?&gt;
</noscript>

[eluser]Clooner[/eluser]
I don't think a safe_mailto will work without any sort of client side scripting. It looks like it now will generate something that will be readable by no one .

It seems like you haven't thought this through!

[eluser]Prophet[/eluser]
[quote author="clooner" date="1277814169"]I don't think a safe_mailto will work without any sort of client side scripting. It looks like it now will generate something that will be readable by no one .

It seems like you haven't thought this through![/quote]
My code produces something along the lines of (using my email address):

Code:

<noscript><a href="mailto:[email protected]">contact us</a></noscript>

Yes, there are bots that will interpret this just fine and still harvest the email address. But in terms of usability, isn't that better than displaying nothing at all (which is what safe_mailto does if the user has javascript disabled)?

Edit: ignore the plain-text mailto. It is "encrypted" but the forums seem to want to convert everything

[eluser]Prophet[/eluser]
You can see it in action here: http://stock.mindinternet.co.nz/blablabla

Code:

You can <?=safe_mailto('[email protected]', 'contact us')?> if you need some help

[eluser]Clooner[/eluser]
[quote author="Prophet" date="1277815102"]You can see it in action here: http://stock.mindinternet.co.nz/blablabla

Code:

You can <?=safe_mailto('[email protected]', 'contact us')?> if you need some help

[/quote]

I rest my case! I see it will be readable by the browser but not by humans, older browsers and probably bots.

Code:

support@stockmanager.co.nz

Nice work!

[eluser]mddd[/eluser]
The simple fact is: if it is visible to a browser that doesn't use javascript, it is also visible to a bot.
Encoding it in html entities doesn't do anything really. It takes one simple 'convert entities to characters' and everything is in plain sight.
Use it if it makes you feel better. But I don't believe it will do anything to protect you from spam.

[eluser]Prophet[/eluser]
[quote author="mddd" date="1277817667"]The simple fact is: if it is visible to a browser that doesn't use javascript, it is also visible to a bot.
Encoding it in html entities doesn't do anything really. It takes one simple 'convert entities to characters' and everything is in plain sight.
Use it if it makes you feel better. But I don't believe it will do anything to protect you from spam.[/quote]

It will give some protection against spam, which is better than no protection.