Home>Network programming tutorial>ASP.NET tutorial

How to prevent sensitive information from being extracted from a page

Author:Eve Cole Update Time:2009-06-30 15:48:32

Emails posted on web pages are often automatically extracted by some tools, and some illegal users will use the extracted emails to send spam. Most of these tools search for the information after "mailto:" or the information before and after "@" in the link to achieve the purpose of extracting emails. I was looking at the source code of DotNetNuke (hereinafter referred to as DNN) and found a good way to prevent this information from being automatically extracted.

There is such a function in DNN (in Globals.vb):
Public Function CloakText()Function CloakText(ByVal PersonalInfo As String) As String

If Not PersonalInfo Is Nothing Then
Dim sb As New StringBuilder

' convert to ASCII character codes, convert the string into ASCII encoded string form
sb.Remove(0, sb.Length)
Dim StringLength As Integer = PersonalInfo.Length - 1
For i As Integer = 0 To StringLength
sb.Append(Asc(PersonalInfo.Substring(i, 1)).ToString)
If i < StringLength Then
sb.Append(",")
End If
Next

' build script block
Dim sbScript As New StringBuilder

sbScript.Append(vbCrLf & "<script language=""javascript"">" & vbCrLf)
sbScript.Append("<!-- " & vbCrLf)
'fromCharCode method: Returns a string from some Unicode character values.
sbScript.Append(" document.write(String.fromCharCode(" & sb.ToString & "))" & vbCrLf)
sbScript.Append("// -->" & vbCrLf)
sbScript.Append("</script>" & vbCrLf)

Return sbScript.ToString
Else
Return Null.NullString
End If

End Function

This code first converts the information to be encrypted into ASCII encoded string form, and then writes it to the page using the document.write method in javascript.

I tested the following effect and it works well. You can also try it.
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>Test information encryption</title>
</head>

<body>
Links that can be extracted: <a href=" mailto:[email protected]">[email protected]</a><br >
Links that cannot be extracted:
<script language="javascript">
<!--
document.write(String.fromCharCode(60,97,32,104,114,101,102,61,34,109,97,105,108,116,111,58,120,120,120,64,116,111,109,
46,99,111,109,34,62,120,120,120,64,116,111,109,46,99,111,109,60,47,97,62))
// -->
</script>
</body>
</html>

If you are interested, you can also use more complex methods to encrypt. In a word: people can no longer easily obtain information!
Related Articles