summaryrefslogtreecommitdiff
path: root/doc/ikiwiki/formatting/discussion.mdwn
blob: 0a8d6f567673096a47205e870c4602996594e0be (plain)

The markdown syntax states that emails are written with html entities, but in ikiwiki only one part is encoded as it. For reference see http://daringfireball.net/projects/markdown/syntax#misc.

In the HTML page I get this:

<a href="mailto:XXXXXXXXXX@gmail.com">&#x6D;&#x6D;&#x61;&#x73;&#x73;&#111;n&#110;&#101;&#x74;&#64;&#103;&#109;&#97;i&#108;&#46;&#x63;&#111;&#109;</a>

while it the href="" attribute should also be encoded.

--mike

The htmlscrubber removes entity encoding obfuscation from tag attributes This has to be done because such entity encoding can be used to hide javascript and other nonsense in html tag attributes. As a consequence, markdown's mail obfuscation is reverted.

I don't really see this as a serious issue, because if I were working for a spammer, I would include entity decoding in my web spider that searched for emails. And I could do it easily, as evidenced by the code in the htmlscrubber that doe it. So I assume this technique is not very effective at blocking spam. --[[Joey]]