Laravel SpamProtect is a simple package, that encrypts email addresses and phone numbers to protect them against unwanted crawlers and spam.
It encrypts the target of your link and uses JS to decrypt it on the client side. This way, the email address is not visible in the HTML source code and can't be crawled by bots reading hrefs.
Additionally, some common chars used in e-mail addresses and phone numbers are replaced with HTML entities to make it even harder for bots to crawl.
<a href="#" data-spamprotect-token="eyJjdCI6Ijky...">
[email protected]
</a>Security Note: Do not use this extension to pass sensitive data to the frontend. The encryption is only meant to stop crawlers and can easily be circumvented by a human.
- PHP 8.1 or higher
- Laravel 10.0 or higher
You can install the package via composer:
composer require yannkuesthardt/laravel-spamprotectRun the installation command to generate a new encryption key and clear necessary caches.
php artisan spamprotect:installAdd the following two blade directives somewhere in your HTML body tag.
@spamprotectKey
@spamprotectJsHint: Optionally you can override the default path to the JavaScript file: @spamprotectJs('your/custom/path/to/spamprotect/spamprotect.js')
A few things have changed since version 1, so please read this carefully to avoid any issues.
If you used v1 in the past, you needed to publish our JavaScript to be accessible via @spamprotectJs. We have now
added routing to the package, so you can just use @spamprotectJs without publishing our JavaScript first. If you
have set a custom path via the blade directive or the config, remove it to get the default JavaScript via route. You
may have to republish the config file, depending on your setup.
Additionally, in v1 you needed to install CryptoJS and require it in your
own JavaScript first. As CryptoJS has been discontinued and most browsers offer native support with tools such as
Crypto, we have rebuilt this extension to work with native
JavaScript. For our new JavaScript to work either use @spamprotectJs without any custom path to access the new
routing to our default JavaScript or republish the JavaScript file yourself. If not used anywhere else in your project
feel free to completely remove CryptoJS.
To encrypt an email address use the following blade component:
<x-encrypt-email email="[email protected]"/>This will result in the following HTML code:
<a href="#" data-spamprotect-token="aVN2anJHTHJL...">
[email protected]
</a>To encrypt a phone number use the following blade component:
<x-encrypt-phone phone="+1234567890"/>This will result in the following HTML code:
<a href="#" data-spamprotect-token="xaVBiZU9rbUR...">
+1 234 567890
</a>You can also use a custom text for the link:
<x-encrypt-email email="[email protected]">
My Cutom Text
</x-encrypt-email>This will result in the following HTML code:
<a href="#" data-spamprotect-token="eyJjdCI6Ilk4...">
My Custom Text
</a>You can add HTML attributes (e.g. class, id, etc.) to the generated code by passing them to the components.
<x-encrypt-email class="my-class" id="my-id" ...This will result in the following HTML code:
<a class="my-class" id="my-id" ...You can generate a new encryption key using:
php artisan spamprotect:keyYou can publish the config using:
php artisan vendor:publish --tag="laravel-spamprotect-config"In the config you can customize the URL used for the default JavaScript or override the path completely.
You can publish the assets (javascript) using:
php artisan vendor:publish --tag="laravel-spamprotect-assets"You can publish the views using
php artisan vendor:publish --tag="laravel-spamprotect-views"Feel free to suggest changes, ask for new features or fix bugs yourself. We're sure there are a lot of improvements that could be made, and we would be very happy to merge useful pull requests. Thanks!
PHPUnit
composer testPHPStan
composer phpstanPlease review our security policy on how to report security vulnerabilities.
Please see CHANGELOG for more information on what has changed recently.
The MIT License (MIT). Please see License File for more information.