Hey Guys, I know this is probably laughingly simple, but its been a while. I have a form that will be used to send me email on a website. I think this is pretty typical stuff, so I’ll just include some details. Within the form is a submit button, along with a “hidden” form fields contains the email…
<br> <input type=”hidden” name=”sendtoemail” value=”
<br> <input type=”submit” value=”Send Email”> </form>
the form receiver provided by my hosting company will take the “sendtoemail” data, format the form, and send it to my email. Well obviously the “hidden” field is still there in plain sight in the source code. So lets say I want to avoid making my email address totally obvious to a SPAM robot, and want to replace the <input line with the email address with a javascript function to . So lets start with a brain dead simple function to compose a document.write().
<script language=”JavaScript” src=”myScripts.js”>
var a= “myemail”;
var b= “mdomain”;
var c= “com”;
var msend = a+ String.fromCharCode(64) + b+ String.fromCharCode(46) + c;
function dm()
{
document.write(“<input type=”hidden” name=”sendtoemail” value=”” + msend + “”>”);
}
</script>
OK, I said it was kind of brain dead. So now the two <input> lines above look like this…
<br><script type=”text/javascript”> dm();</script>
<br> <input type=”submit” value=”Send Email”> </form>
Well it does work, but two questions! First, When I load the page into Firefox, and use its handy “view page source” to see what the document.write() actually did (What does the FOX say?? π I see this…
<br><script type=”text/javascript”> dm();</script>
<br> <input type=”submit” value=”Send Email”> </form>
Well that’s really weird isn’t it? The actual call still shows up in the visible source code instead of the document.write() stuff. It does work, so the string MUST be being written right, but why can’t I see it in the “show page source”. Does that make sense?
Second, the bigger issue is whether there is a better way, because something tells me this isn’t too hard for a SPAM-BOT to foil. I guess anything like this relies on hiding the form in a page in a protected directory that you couldn’t get at without following a link on a public page. So the HTML generated by the javascript would only exist for the short time the user would use the form. I doubt this will stop a modern SPAM robot. So is there anything more creative I could do besides changing the email address once a month? Maybe I’m over thinking this? Its just that most of my inboxes runneth over with SPAM, so…