No argument Wayne - those simple forms code examples are bad news. Happy Christmas to you. ;-)
____________________________________ Neil Atwood - Sydney, Australia http://westserve.org - Blog, Christianity, Coffee and Tech Stuff. -----Original Message----- From: Wayne Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, 22 December 2005 4:45 PM To: [EMAIL PROTECTED]; Hardware List Subject: RE: [H] Web authoring question - protecting email addresses At 11:45 PM 12/21/2005, Neil Atwood typed: >There is no 'hidden' email address in the form (as such). The simplest forms use something like this <FORM action="mailto:[EMAIL PROTECTED]" method="post"> instead of scripting and these are equally harvestable > It's encoded by server-side scripting, so the answer is no, the > spambots have nothing to harvest. That's the way it should be to prevent harvesting <FORM action="http://www.wavijo.com/cgi/somescript.cgi"; method="post"> but people that have sites that don't support scripting such as GeoCities have no choice other than to get another webhosting service. As you probably know any Input can equal Hidden, Text, Password, Checkbox, Radio, Submit, Reset, File or Image such as <INPUT TYPE=hidden NAME=recipient VALUE="[EMAIL PROTECTED]"> <INPUT TYPE=hidden NAME=subject VALUE="Feedback on your HTML Reference"> I'm not arguing that forms used with scripting aren't secure or not but rather just pointing out that the simplest form action like I have at the top should be avoided at all costs as it's no better than using mailto: elsewhere in the html. Here is a website devoted to revealing the problems with using "action="mailto:........"; <http://www.isolani.co.uk/articles/mailto.html> ----------+---------- Wayne D. Johnson Ashland, OH, USA 44805 <http://www.wavijo.com>
