Email Encoder using unsafe eval()

  • Resolved florianbeck

    (@florianbeck)


    4 years, 4 months ago

    Hi,

    Email Encoder ist using unsafe Javascript function eval(). I guess preferred with the encoding method “Escape”. This is in conflict with my Content Security Policy.

    I guess the plugin switches random between “Rot13” and “Escape”. Is there a way to disable the “Escape” method? This should fix the usage of eval().

    Thanks,
    Florian

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Ironikus

    (@ironikus)

    4 years, 4 months ago

    Hey @florianbeck – thank you for your message.
    I’m afraid it is not possible at this point to deactivate only one of these functions, but I will add a filter with the next one that lets you manipulate the output.
    I will send you more information once it is published.
    If you have questions in the meantime, feel free to reach out.

    Plugin Author Ironikus

    (@ironikus)

    4 years, 4 months ago

    Hi @florianbeck – I just wanted to inform you that we now launched a new version for the addressed issue.

    We now have a filter available that lets you remove the escape function from the random assignment.

    You can use this function for your functions.php file: 

    add_filter( 'eeb/validate/random_encoding', 'validate_only_email', 10, 3 );
function validate_only_email( $rand, $email, $protection_text ){
	return 1;
}

    If you have further questions, please let me know.

    • This reply was modified 4 years, 4 months ago by Ironikus.
    Thread Starter florianbeck

    (@florianbeck)

    4 years, 4 months ago

    Hi @ironikus,

    this works fine and solves my problem with the CSP header.

    Thank you!

    Plugin Author Ironikus

    (@ironikus)

    4 years, 4 months ago

    Hi @florianbeck – thank you for the feedback, happy it works! 🙂

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Email Encoder using unsafe eval()’ is closed to new replies.