You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Assuming a normal build process and the example usage described in README.md, the example input produces an output that specifies the email in plaintext in the .js that is served. In this case, usage of react-obfuscate provides no protection, because certainly a malicious web-crawler which goes to the greater difficulty of rendering the DOM to harvest emails will also scan the .js for emails.
Describe the solution you'd like
I suggest that README.md should not claim that the <Obfuscate> component makes the email or link given in the example useless for spammers, and should detail the additional steps required to protect emails and links from spammers.
Given that there are 12,000 downloads per month for this package, improving it to obfuscate the children and props of the <Obfuscate> tag in the compiled source might be worth doing.
Describe alternatives you've considered javascript-obfuscator can be used mangle string literals in source code appropriately, or they might be scrambled by hand and recovered with vanilla JavaScript.
The text was updated successfully, but these errors were encountered:
Hey @g-vernon, thank you for your interest in the topic.
Parsing JavaScript bundles to extract email addresses is not a common approach for website scrapers. Parsing JavaScript bundles adds significant complexity and overhead to the scraping process. JavaScript files can be minified, obfuscated, or loaded dynamically, making it challenging to reliably extract email addresses.
Most scrapers focus on parsing the HTML DOM (directly or utilizing browser automation tools like Selenium to render the page and extract information.)
Based on this knowledge, I'm content with the current implementation.
Is your feature request related to a problem? Please describe.
Assuming a normal build process and the example usage described in
README.md
, the example input produces an output that specifies the email in plaintext in the.js
that is served. In this case, usage of react-obfuscate provides no protection, because certainly a malicious web-crawler which goes to the greater difficulty of rendering the DOM to harvest emails will also scan the.js
for emails.Describe the solution you'd like
I suggest that
README.md
should not claim that the<Obfuscate>
component makes the email or link given in the example useless for spammers, and should detail the additional steps required to protect emails and links from spammers.Given that there are 12,000 downloads per month for this package, improving it to obfuscate the children and props of the
<Obfuscate>
tag in the compiled source might be worth doing.Describe alternatives you've considered
javascript-obfuscator can be used mangle string literals in source code appropriately, or they might be scrambled by hand and recovered with vanilla JavaScript.
The text was updated successfully, but these errors were encountered: