search

quarto-dev / quarto-cli

Open-source scientific and technical publishing system built on Pandoc.
https://quarto.org
Other
3.61k stars 294 forks source link

Obfuscation of email does not work in Navbar or Sidebar of Website #10023

Open Mavoort opened 1 month ago

Mavoort commented 1 month ago

Bug description

To protect your email against spammers, it is a good idea to obfuscate hyperlinks that contain your email address. According to the documentation this can be achieved with by setting email-obfuscation: true as a format option.

For normal emails which are written somewhere inside of text this works fine.

The problem is that the email obfuscation does not apply to emails that are specified as YAML-options. So email addresses in the navbar or sidebar of a website are still in danger. Email links in on the about page are also not obfuscated.

Steps to reproduce

Create a website with a navbar, sidebar and an about page, like this:

Content of _quarto.yaml:

project:
  type: website

website:
  navbar:
    right:
      - icon: envelope
        aria-label: email
        href: "mailto:apple@mail.com"
  sidebar:
    style: "docked"
    contents:
      - text: contact me
        href: "mailto:banana@mail.com"
format:
  html:
    email-obfuscation: javascript

Content of about.qmd:

---
about:
  template: jolla
  links:
   - icon: envelope
     text: Email
     href: "mailto:clementine@mail.com"
format: html
---

Contact: [email](mailto:jackfruit@mail.com)

Keep in mind that debugging this with the inspect tool in the browser doesn't work. To see which emails are obfuscated and which aren't, open the generated website _site/about.html in an editor.

Expected behavior

All 4 email addresses should be obfuscated with JavaScript.

Actual behavior

Only jackfruit@mail.com is obfuscated; the other emails are still accessible to web crawlers and spammers.

Your environment

No response

Quarto check output

Quarto 1.4.554
[✓] Checking versions of quarto binary dependencies...
      Pandoc version 3.1.11: OK
      Dart Sass version 1.69.5: OK
      Deno version 1.37.2: OK
[✓] Checking versions of quarto dependencies......OK
[✓] Checking Quarto installation......OK
      Version: 1.4.554
      Path: /opt/quarto/bin

[✓] Checking tools....................OK
      TinyTeX: (not installed)
      Chromium: (not installed)

[✓] Checking LaTeX....................OK
      Using: Installation From Path
      Path: /usr/bin
      Version: 2023

[✓] Checking basic markdown render....OK

[✓] Checking Python 3 installation....OK
      Version: 3.11.6
      Path: /usr/bin/python3
      Jupyter: 5.3.1
      Kernels: julia-1.10, python3, sagemath

[✓] Checking Jupyter engine render....OK

[✓] Checking R installation...........OK
      Version: 4.3.1
      Path: /usr/lib/R
      LibPaths:
        - /home/marcel/R/x86_64-pc-linux-gnu-library/4.3
        - /usr/local/lib/R/site-library
        - /usr/lib/R/site-library
        - /usr/lib/R/library
      knitr: 1.43
      rmarkdown: 2.23

[✓] Checking Knitr engine render......OK
Mavoort commented 1 month ago

This bug was first mentioned in this discussion, where @cderv suggested to open a new issue for this.