Encrypt email with kirbytags

Is there anyway to encrypt emails to fight Spam bots using the email Kirbytag ?
ex : (email: aa@a.com)

I don’t know if there’s a ready to use solution, but you could create your own Kirbytag and implement the encryption of your choice.

The email tag actually already encrypts email addresses using HTML entities. The DOM view of your developer tools probably don’t show them like this, but the source code does. :smile:


Thks Lukas! :grinning: I read about this encrypt ability but was confuse by my developer tool.

I guess I wrote this for nothing :


function munge($address)
    $address = strtolower($address);
    $coded = "";
    $unmixedkey = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.@";
    $inprogresskey = $unmixedkey;
    $unshuffled = strlen($unmixedkey);
    for ($i = 0; $i <= strlen($unmixedkey); $i++)
	$ranpos = rand(0,$unshuffled-1);
	$nextchar = $inprogresskey{$ranpos};
	$mixedkey .= $nextchar;
	$before = substr($inprogresskey,0,$ranpos);
	$after = substr($inprogresskey,$ranpos+1,$unshuffled-($ranpos+1));
	$inprogresskey = $before.''.$after;
	$unshuffled -= 1;
    $cipher = $mixedkey;
    $shift = strlen($address);
    $txt = "<script type=\"text/javascript\" language=\"javascript\">\n" .
           "<!-"."-\n" .
           "// Email obfuscator script 2.1 by Tim Williams, University of Arizona\n".
           "// Random encryption key feature by Andrew Moulden, Site Engineering Ltd\n".
           "// PHP version coded by Ross Killen, Celtic Productions Ltd\n".
           "// This code is freeware provided these six comment lines remain intact\n".
           "// A wizard to generate this code is at http://www.jottings.com/obfuscator/\n".
           "// The PHP code may be obtained from http://www.celticproductions.net/\n\n";

    for ($j=0; $j<strlen($address); $j++)
	if (strpos($cipher,$address{$j}) == -1 )
		$chr = $address{$j};
		$coded .= $address{$j};
		$chr = (strpos($cipher,$address{$j}) + $shift) % strlen($cipher);
		$coded .= $cipher{$chr};

    $txt .= "\ncoded = \"" . $coded . "\"\n" .
	"  key = \"".$cipher."\"\n".
	"  shift=coded.length\n".
	"  link=\"\"\n".
	"  for (i=0; i<coded.length; i++) {\n" .
	"    if (key.indexOf(coded.charAt(i))==-1) {\n" .
	"      ltr = coded.charAt(i)\n" .
	"      link += (ltr)\n" .
	"    }\n" .
	"    else {     \n".
	"      ltr = (key.indexOf(coded.charAt(i))-
shift+key.length) % key.length\n".
	"      link += (key.charAt(ltr))\n".
	"    }\n".
	"  }\n".
	"document.write(\"<a href='mailto:\"+link+\"'>\"+link+\"</a>\")\n" .
        "//-"."->\n" .
        "<" . "/script>";
  //<noscript>N/A" . "<"."/noscript>"; removed because it make the wysiwyg plug-in to misbehave
    return $txt;

kirbytext::$tags['email'] = array(
  'html' => function($tag) {

    $email = $tag->attr('email');
    $encrypted = munge($email);
    return $encrypted;


No, not really. The code you used relies on JavaScript, which is probably more reliable in terms of spam bot-unreadablility, while the Kirby implementation simply uses HTML entities (which is probably not as reliable but does not require any JavaScript).
Thanks a lot for posting this code, it might help other people who are not satisfied with the Kirby implementation. :smile:

Hey jpbagnis,
Hello Lukas

Thanks for the code!
There’s a problem, though, which messes up the output.
The link’s closing tag gets dropped:

document.write('<a href="mailto:'+ link +'">'+ link +'')

Seems to me some kind of collision with kirbytext.
But I can’t figure out where to fix this.
Any idea?

However, that only works if you type in the kirbytag manually. If you use the Email icon dialog, it won’t encrypt your emails.

The reason is the dialog window outputs a different syntax. If you fill in both the email and text field, it will output:

(email: aa@a.com text: aa@a.com)

And the text in that example won’t be encrypted in the source code - only te email.

If you, in turn, only fill in the email field (which you would expect to solve the problem), then it will output:


Which will also NOT encrypt your email in the source code.

And it gets worse: I tried to add an info field to explain how emails need to be manually filled in, but my kirbytag example gets rendered as an email link. How do I escape kirbytag syntax?

That’s indeed true, however difficult to solve. We can either always encode (not encrypt!) the text or never encode it. Trying to be smart and detect if the text is an email address isn’t reliable enough for this.

Yes, the bracket syntax is part of Markdown, not of Kirbytext. We should probably not use that in the Panel textarea field and instead use (email: aa@a.com). I have added it as an idea on GitHub.

Unfortunately you can’t currently escape Kirbytags properly.
You could escape them like this: (\email: aa@a.com), but the backslash (or any other character) would be displayed.
Or you could use the help attribute on the textarea field as that doesn’t support Kirbytext.

We are working on implementing escapable Kirbytags for Kirby 3. :slight_smile:

Looking so much forward to Kirby 3!

In the meantime, I managed to avoid Kirbytags from being rendered inside info fields with a zero-width non-joiner character instead of a backslash:

(&zwnj;email: name@domain.tld)

renders as

(email: name@domain.tld)

Works, but please note that you can’t copy-paste it from the info field to a textarea field – the Kirbytag won’t be rendered there as well.

That’s true and kind of renders my solution useless. :confused:

OK, then I’m sticking with the help attribute. Thanks for the tip.