email obfuscation by Text::Markdown undone by HTML::Scrubber

author http://gmcmanus.myopenid.com/ <http://gmcmanus.myopenid.com/@web>

Tue, 22 Jul 2008 03:25:17 +0000 (23:25 -0400)

committer Joey Hess <joey@kitenet.net>

Tue, 22 Jul 2008 03:25:17 +0000 (23:25 -0400)
author http://gmcmanus.myopenid.com/ <http://gmcmanus.myopenid.com/@web>
Tue, 22 Jul 2008 03:25:17 +0000 (23:25 -0400)
committer Joey Hess <joey@kitenet.net>
Tue, 22 Jul 2008 03:25:17 +0000 (23:25 -0400)
diff --git a/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn b/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn

new file mode 100644 (file)

index 0000000..17836ab
--- /dev/null
+++ b/doc/bugs/htmlscrubber_undoes_email_obfuscation_by_Text::Markdown.mdwn
@@ -0,0 +1,17 @@
+From the source of [[usage]]:
+
+    <a href="mailto:joey@ikiwiki.info">&#x6A;&#111;&#101;&#x79;&#64;i&#107;&#105;w&#105;&#107;&#x69;&#46;&#105;n&#x66;&#x6F;</a>
+
+Text::Markdown obfuscates email addresses in the href= attribute and in the text.
+Apparently this can't be configured.
+
+HTML::Scrubber doesn't set `attr_encoded` for its HTML::Parser, so the href= attribtute is decoded.
+Currently it seems it doesn't set `attr_encoded` for good reason: so attributes can be sanitized easily,
+e.g. as in htmlscrubber with `$safe_url_regexp`.
+This apparently can't be configured either.
+
+So I can't see an obvious solution to this.
+Perhaps improvements to Text::Markdown or HTML::Scrubber can allow a fix.
+
+One question is: how useful is email obfuscation?
+Don't spammers use HTML parsers?
author	http://gmcmanus.myopenid.com/ <http://gmcmanus.myopenid.com/@web>
	Tue, 22 Jul 2008 03:25:17 +0000 (23:25 -0400)
committer	Joey Hess <joey@kitenet.net>
	Tue, 22 Jul 2008 03:25:17 +0000 (23:25 -0400)