Plone email harvesting protection

Question

Setting up a Plone 4.3 website, I'm struggling to understand how the built-in email protection against harversting works.

Using the products FacultyStaffDirectory, the addresses are shown in plain html into the source, without any (at least visible to me) protection.

Fiddling around in Plone and FacultyStaffDirectory source code I found the latter exploits the spamProtect.py script provided by the first one. The code is executed correctly, since adding a letter to the function return string changes the html code accordingly. However, the supposed changes (i.e. converting the @ and : symbols to their corresponding hex (?) codes) do not occur, since the address is shown unchanged in the html code.

I also tried wget to download the page, just to be sure that the browser was not automatically translating the codes, but nothing changes.

Am I missing something? Should I use another kind of protection?

Answer 1

Wrapping up:

• Diazo themes make the default spamprotect.py protection useless, since they translate the hex codes in plain text, thus producing a "plain" mailto link;
• No easy way to work around this;

Solved in my case removing email validation constraints from FacultyStaffDirectory and entering in the email field a link to a mailhide recaptcha protecting the email address.

Can be also better solved exploiting mailhide APIs, but it's a bit overkill for my own needs.

Answer 2

zest.emailhider may be an option.

With this package you can hide your email addresses by default so they are never in the html; with javascript the addresses are then fetched and displayed.

For every content item in your site you can have exactly one email address, as we look up the email address for an object by its UID. You would probably need to add some integration code for FacultyStaffDirectory. The PyPI page tells you how to do that.