Musings of a Manchester Drupal guy

Drupal, Open Source, Analytics, Social Media.

Thursday, August 04, 2005

Encoding html using javascript's escape & unescape

Encoding html using javascript's escape & unescape: "Encoding html using javascript's escape & unescape

There are a couple of reasons that you may want to encode some (or all) of your source html, these include:

* Slightly increased security - by protecting your source from being easily read you are making it more difficult for anyone trying to find a workaround to your site (includes spoofing payments and gaining access to members areas)
* Protection for automated non-javascript enabled crawlers - many of these are used to harvest email addresses from websites to add to spam mailing lists, and encoded email address will not be recognised as they cannot process the javascript.

There is also a downside however. Users of your website may well be veiwing it on a non-javascript enabled browser or have javascript turned off (usually done to avoid malicious scripts and auto-popups), if the site user is unable to process the javascript then they too will be unable to read the information that has been encoded and it will appear missing from the page."