We often have to display email addresses and other contact information on our pages, for example as a mailto link. However, besides the intended users, spammers are also interested in those email IDs, and they use special bots to harvest email and contact information from the web. In this post, I will show a method, using JavaScript and any server-side language, by which we can easily protect such information.
Example
The following C# sample demonstrates how the code is used. On the server side:
<script type="text/javascript">document.write(JsDecrypt(<%=JsEncrypt("example@example.com")%>));</script>
This is how the code will look on the client side:
document.write(JsDecrypt({value:"%u00c2%u0097%17%3aw%u00ea%u00cdu%0f1K%u00a2G%u008a%0d%u00e3%u00fb%02%02",key:93 }));
When this script gets executed on the client side, the email id "example@example.com" will be printed to the document. Naturally, for it to work, the JsDecrypt() function should also be included in the page.
How does it work?
It is simple: the server-side code encrypts the information, encodes it in JSON (JavaScript Object Notation), and sends it to the client. There, our JavaScript function JsDecrypt() decrypts the message and returns the original message. The key is generated randomly each time a message is encrypted and is included in the JSON returned; the client-side script uses that key for the decryption process. Hence, the same message generates different outputs depending on the randomly generated key.
Naturally, the encryption method used is not the strongest, and since the key travels with the data it is obfuscation rather than real secrecy; however, it is more than enough for preventing the email spam bots. Also, the code as it is will only work with ASCII characters (not tested with Unicode).
Code
The code for this JavaScript decrypter has two parts:
1. The server-side code for encrypting the data. It can be in any language, even PHP. The only thing to remember is that the decrypter and encrypter versions should be the same.
2. The client-side JavaScript for decryption.
The client code follows.
<script type="text/javascript" language="javascript">
//version:1.0
//the version of the encryption method used should also be 1.0
function JsDecrypt(value){
    var key=value.key;
    value=unescape(value.value); //decode the %XX and %uXXXX escapes
    var output='';
    for(var i=0;i<value.length;i++){
        output=output+String.fromCharCode(((value.charCodeAt(i)+256)-key)%256);
        key=(key+value.charCodeAt(i))%256; //next key is chained on the encrypted character
    }
    return output;
}
</script>
The JsDecrypt() function takes an object with two properties:
1. The encrypted data.
2. The key used for encryption.
The function then decrypts the data using the key and returns the result.
Note
The encryption function discussed below returns its result in the form required by the JsDecrypt() function. You only need to pass it directly to the JsDecrypt() function for decrypting.
The server side code
The server side code can be in any language as long as the generated result follows the format required by the JsDecrypt() function. I have included code for ASP.NET (C#) and PHP. The ASP.NET code follows.
asp.net version
//version:1.0
//the javascript decrypter version should also be 1.0
public string JsEncrypt(string data){
    int Key=new Random().Next(0,256); //random starting key, 0..255
    int StartingKey=Key; //kept so it can be sent to the client
    string output=string.Empty;
    for(int i=0;i<data.Length;i++){
        output+=char.ConvertFromUtf32((char.ConvertToUtf32(data,i)+Key)%256);
        Key=(Key+char.ConvertToUtf32(output,i))%256;
    }
    return string.Format("{{value:\"{0}\",key:{1} }}",System.Web.HttpUtility.UrlEncodeUnicode(output),StartingKey);
}
php version
//version:1.0
//the javascript decrypter version should also be 1.0
function JsEncrypt($string){
    $const=rand(0,255); //random starting key
    $key=$const; //kept so it can be sent to the client
    $output='';
    for($i=0;$i<strlen($string);$i++){
        $output.=chr((ord($string[$i])+$const)%256);
        $const=(($const+ord($output[$i]))%256);
    }
    return '{value:"'.rawurlencode($output).'",key:'.$key.'}';
}
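The version 1.0 scheme described above, ported to JavaScript as an added example (not the author's code) so that both directions can be exercised in one place and checked against each other. The `startKey` parameter, the range guard and the two helper functions are assumptions made for this example; the guard rejects the input the post warns about instead of letting the modulo corrupt it.

```javascript
// Added example: JavaScript port of the page's version 1.0 scheme.
// startKey is a hypothetical extra parameter so results are reproducible.
function jsEncrypt(data, startKey) {
  var key = startKey === undefined ? Math.floor(Math.random() * 256) : startKey;
  var first = key, output = '';
  for (var i = 0; i < data.length; i++) {
    var p = data.charCodeAt(i);
    // Added guard: the "% 256" would silently fold larger code units,
    // and the decrypter could not restore them.
    if (p > 255) throw new RangeError('code unit above 255 at index ' + i);
    var c = (p + key) % 256;          // encrypted unit
    output += String.fromCharCode(c);
    key = (key + c) % 256;            // next key is chained on the encrypted unit
  }
  return { value: escape(output), key: first };
}

// Same logic as the page's JsDecrypt(), with the loop variable declared.
function jsDecrypt(msg) {
  var key = msg.key, value = unescape(msg.value), output = '';
  for (var i = 0; i < value.length; i++) {
    var c = value.charCodeAt(i);
    output += String.fromCharCode((c + 256 - key) % 256);
    key = (key + c) % 256;
  }
  return output;
}

// True if text survives encrypt -> decrypt under every starting key 0..255.
function roundTripsForAllKeys(text) {
  for (var k = 0; k < 256; k++) {
    if (jsDecrypt(jsEncrypt(text, k)) !== text) return false;
  }
  return true;
}

// Number of distinct encodings of one message across all starting keys.
function distinctEncodings(text) {
  var seen = {};
  for (var k = 0; k < 256; k++) seen[jsEncrypt(text, k).value] = true;
  return Object.keys(seen).length;
}

var SAMPLE = 'example@example.com'; // the address used on this page
console.log(jsEncrypt(SAMPLE), roundTripsForAllKeys(SAMPLE), distinctEncodings(SAMPLE));
```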