Email Obfuscation in Business Catalyst

Question

I'm working on Businesss Catalyst Web App right now and I have a serious problem. I need to obfuscate an email field of the Web App. Unfortunately there is no easy way of doing it because all of the info from the web app item is being put on the HTML page without any pre-processing(since we dont have access to the back-end of BC).

Here is my code right now:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>

<script>
    <!--

    function CryptMailto()
    {
        var n = 0;
        var r = "";
        var x = document.getElementById("test");
        var s = "mailto:"+x.value;
        var e = x.value;

        e = e.replace( /@/, " [at] ");
        e = e.replace( /\./g, " [dot] ");

        for( var i=0; i < s.length; i++ )
        {
            n = s.charCodeAt( i );
            if( n >= 8364 )
            {
                n = 128;
            }
            r += String.fromCharCode(n+1);
        }

        return "<a href=\"javascript:linkTo_UnCryptMailto('"+ r +"');\">"+ e +"</a>";
    }

    function UnCryptMailto( s )
    {
        var n = 0;
        var r = "";
        for( var i = 0; i < s.length; i++)
        {
            n = s.charCodeAt( i );
            if( n >= 8364 )
            {
                n = 128;
            }
            r += String.fromCharCode( n - 1 );
        }
        return r;
    }

    function linkTo_UnCryptMailto( s )
    {
        location.href=UnCryptMailto( s );
    }
    // -->
</script>


</head>

<body>


<input style = "" id = "test" type = "text" value = "[email protected]" />

<script>document.write(CryptMailto());</script>

</body>
</html>

Now the problem is that the hidden field can still be viewed through "View Source".

Is there a way to pre-process a field before it gets onto the front page?

Answer 1

Although not entirely what you want, you could output the email on a different page (with checks to redirect to the homepage if not being called from specific page) and then Ajax the email in. This would not show up in the view source but in some browsers would show up in the inspect element (chrome/Firefox) as these tend to show the updated code. Again, not ideal but makes it a bit harder for someone to grab the email.

UPDATE If you wanted to take it a step further, once you AJAX the email into a container on your page, store in javascript variable and then replace the content of the container you dumped you AJAX results into with something else, so if someone was to inspect the output of that region, it will have been replaced with your dummy text (or blank).

Answer 2

I talked to BC support and basically there is no way of doing this since it`s a sandbox CMS:(