Encrypt mailto email addresses with inline JavaScript

Question

I have the following JavaScript code:

<script type='text/javascript'>
    var v2="xxxxx";
    var v7=unescape("%2%3432jklsjdkls%");
    var v5=v2.length;
    var v1="";
    for(var v4=0;v4<v5;v4++){
        v1+=String.fromCharCode(v2.charCodeAt(v4)^v7.charCodeAt(v4));
    }
    document.write('<a href="javascript:void(0)" onclick="window.location=\'mail\u0074o\u003a'+v1+'?subject='+'\'">'+'test(at)test(dot)com<\/a>');
 </script>

This code is on one line and I have no other possibility than this. Now I have to change the email address, but I need the v2 and v7 which I can't create.

Do you know where this snippet comes from? Do you know another algorithm which is secure (not only taking the ASCI values)? Here the ASCII codes, a XOR catenation and the encrypted value + key are used.

Answer 1

I would go about something simpler and equally-effective like this:

<a href="javascript:window.location.href = 'mailto:' + ['john','smith.com'].join('@')">john<!---->@<!---->smith.com</a>

• mailto: link is obfuscated and unreadable for bots
• html comments are used as junk so spam bots won't read the text of the link, while are hidden to a user. There can be any type of junk for example a <span> with display: none

Answer 2

Here are two external tools mentioned. For both you need to generate your Javascript code first with your email.

JavaScript eMail Encrypter

<!-- Add these lines to <head></head> -->
<script type="text/javascript"> <!--
function UnCryptMailto( s )
{
    var n = 0;
    var r = "";
    for( var i = 0; i < s.length; i++)
    {
        n = s.charCodeAt( i );
        if( n >= 8364 )
        {
            n = 128;
        }
        r += String.fromCharCode( n - 1 );
    }
    return r;
}

function linkTo_UnCryptMailto( s )
{
    location.href=UnCryptMailto( s );
}
// --> </script>

<!-- Use above link to generate your crypted email (example): -->
<a href="javascript:linkTo_UnCryptMailto('nbjmup;uftuAuftu/dpn');">test [at] test [dot] com</a>

---

ANTI-SPAM EMAIL LINK OBFUSCATOR

<script type="text/javascript" language="javascript">
<!--
// Email obfuscator script 2.1 by Tim Williams, University of Arizona
// Random encryption key feature coded by Andrew Moulden
// This code is freeware provided these four comment lines remain intact
// A wizard to generate this code is at http://www.jottings.com/obfuscator/
{ coded = "[email protected]"
  key = "594NIGdDgELkcwoAbPQirZaYCn1mWhURt0syV7Ojpqf8H3XMFvlezJTS2ux6KB"
  shift=coded.length
  link=""
  for (i=0; i<coded.length; i++) {
    if (key.indexOf(coded.charAt(i))==-1) {
      ltr = coded.charAt(i)
      link += (ltr)
    }
    else {     
      ltr = (key.indexOf(coded.charAt(i))-shift+key.length) % key.length
      link += (key.charAt(ltr))
    }
  }
document.write("<a href='mailto:"+link+"'>Example</a>")
}
//-->
</script><noscript>Sorry, you need Javascript on to email me.</noscript>

^{This tool was originally conceived and written by Tim Williams of The University of Arizona. The code to randomly generate a different encryption key each time the tool is used was written by Andrew Moulden. Ross Killen of Celtic Productions Ltd has also created a PHP version to enable use of this technique in web applications.}

This code is distributed as freeware, provided the authors' credits etc remain exactly as shown.