0

I generate an email address on a website in javascript to make it a little bit more difficult for scrapers. Basically I have a few variables and then jumble them back together with javascript. 

var a = new Array('test','example','.com','@');
document.write(a[0]+a[3]+a[1]+a[2]);

Two questions:

  1. Is this effective?
  2. Someone told me it is dangerous, because "document.write" is insecure? How could this be exploited?
Chris
  • 2,883
  • 1
  • 26
  • 39
Lucas
  • 12,449
  • 11
  • 56
  • 88
  • This [link](http://stackoverflow.com/a/802894/1577396) may help you. – Mr_Green Sep 02 '13 at 09:03
  • 1. Don't know. If the scraping is done not via just grabbing the raw HTML, but running it though a headless browser, you obfuscation attempt will be useless. 2. Regarding `document.write`: http://stackoverflow.com/questions/802854/why-is-document-write-considered-a-bad-practice – Carsten Sep 02 '13 at 09:05

1 Answers1

3

Is this effective?

Moderately, but it is trivial to bypass if a spambot writer wants to go to the effort.

Someone told me it is dangerous, because "document.write" is insecure? How could this be exploited?

It can't. document.write is insecure only if you take improperly sanitised external data (such as part of the URL) and use it in the argument.

Quentin
  • 800,325
  • 104
  • 1,079
  • 1,205