Bug: Spam proofing not working in all cases
Email addresses included indirectly in TWikiPreferences settings, e.g. %WEBCOPYRIGHT%, are not spam-proofed. This is probably because they are used in <a href> style mailto links, though other cases may also cause this if TWiki is not generating the mailto: link.
The TWiki templates (*.tmpl) have quite a few other examples of this, but they are less likely to be encountered by spambots harvesting email addresses.
Test case
See copyright notice at bottom of any TWiki page.
Environment
| TWiki version: | Any, inc Dec 2001 and TWikiAlphaRelease |
| TWiki plugins: | |
| Server OS: | n/a |
| Web server: | n/a |
| Perl version: | n/a |
| Client OS: | |
| Web Browser: | |
-- RichardDonkin - 14 May 2002
Follow up
Workaround:
- If you are using a fairly recent TWikiAlphaRelease, change any use of mailto that causes this bug - you can just use the new EmailThisPageLink syntax for mailto's. For example, in TWikiPreferences' WEBCOPYRIGHT, replace the <a href> mailto link with: [[mailto:%WIKIWEBMASTER%?subject=%WIKITOOLNAME%%20Feedback Send feedback]]. Note that this may not work in all cases, but does work for the WEBCOPYRIGHT case.
- With other releases, you may have to experiment a bit to find a reasonable fix - of course, you can always type in a full spamproofed address as a temporary fix.
A better fix would be to spamproof all email addresses, even those within <a href> mailto links.
-- RichardDonkin - 14 May 2002
Hmm, I think this should not be fixed. An HTML anchor tag is not part of TWiki rendering, if there is an e-mail address in an href it should get rendered as is. The user can add spam padding if needed since the link is coded manually anyway.
-- PeterThoeny - 10 Nov 2002
I think spam proofing should be optional (as now) but automatic, even for 'a href' links - it's very easy to miss a few addresses by mistake. Probably this should be configurable since opinions differ, but I suspect people who don't want spam-proofing on 'a href' links would also not want spam-proofing on TWiki-generated mailto: links.
Anyway, the more important thing is to use the new mailto: format for all TWiki-generated mailto: links, so that these are auto-spamproofed. This is only a fairly weak protection against spam anyway, since some of the spam collectors out there can remove simple spam-proofing.
-- RichardDonkin - 10 Nov 2002
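An added example, not part of the original thread and not TWiki's own code: a small Python audit that lists addresses left unpadded inside `href="mailto:..."` attributes of a rendered page, plus a filter that pads every address, including those in such links. The padding token `NOSPAM`, its position before the top-level domain, the function names and the `example.com` addresses are assumptions made for illustration.

```python
import re

# Assumed padding token; a site would use whatever padding it has configured.
PADDING = "NOSPAM"

# Simple address pattern, adequate for auditing rendered pages (not RFC 5322).
ADDR = re.compile(r"([A-Za-z0-9._%+-]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
# mailto: target inside an href attribute, stopping at ?query or the closing quote.
HREF_MAILTO = re.compile(r"""href\s*=\s*(["'])mailto:([^"'?]+)""", re.I)


def pad(address, padding=PADDING):
    """Insert the padding before the top-level domain unless already present."""
    local, _, domain = address.partition("@")
    if padding in domain:
        return address  # already spam-proofed, keep the filter idempotent
    host, _, tld = domain.rpartition(".")
    return f"{local}@{host}{padding}.{tld}"


def unpadded_mailto_links(html, padding=PADDING):
    """Return addresses in href="mailto:..." attributes that lack the padding."""
    found = []
    for match in HREF_MAILTO.finditer(html):
        for addr in match.group(2).split(","):  # mailto: may list several
            addr = addr.strip()
            if ADDR.fullmatch(addr) and padding not in addr.partition("@")[2]:
                found.append(addr)
    return found


def spamproof(html, padding=PADDING):
    """Pad every address in the page, including those inside mailto hrefs."""
    return ADDR.sub(lambda m: pad(m.group(0), padding), html)


# Constructed sample: a rendered copyright footer with a hand-coded mailto link.
SAMPLE = (
    '<p>Copyright. <a href="mailto:webmaster@example.com?subject=TWiki%20Feedback">'
    'Send feedback</a> or write to admin@example.org.</p>'
)

if __name__ == "__main__":
    print("unpadded before:", unpadded_mailto_links(SAMPLE))
    print("unpadded after: ", unpadded_mailto_links(spamproof(SAMPLE)))
```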
Fix record