diff options
author | http://gmcmanus.myopenid.com/ <http://gmcmanus.myopenid.com/@web> | 2008-07-21 23:25:17 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2008-07-21 23:25:17 -0400 |
commit | 2e51d5c74da6f4dda8a1f96781811d0b4c6c83c5 (patch) | |
tree | ba31608856253505db32854a7c3ada912c525cc0 | |
parent | c2a2f715087a4602876618fdec2fad073308a6d5 (diff) |
email obfuscation by Text::Markdown undone by HTML::Scrubber
-rw-r--r-- | doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn b/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn new file mode 100644 index 000000000..17836abfe --- /dev/null +++ b/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn @@ -0,0 +1,17 @@ +From the source of [[usage]]: + + <a href="mailto:joey@ikiwiki.info">joey@ikiwiki.info</a> + +Text::Markdown obfuscates email addresses in the href= attribute and in the text. +Apparently this can't be configured. + +HTML::Scrubber doesn't set `attr_encoded` for its HTML::Parser, so the href= attribtute is decoded. +Currently it seems it doesn't set `attr_encoded` for good reason: so attributes can be sanitized easily, +e.g. as in htmlscrubber with `$safe_url_regexp`. +This apparently can't be configured either. + +So I can't see an obvious solution to this. +Perhaps improvements to Text::Markdown or HTML::Scrubber can allow a fix. + +One question is: how useful is email obfuscation? +Don't spammers use HTML parsers? |