yannkuesthardt/laravel-spamprotect

Encrypt e-mail addresses and phone numbers to protect against unwanted crawlers & spam.

Maintainers

Details

github.com/yannkuesthardt/Laravel-SpamProtect

Source

Issues

Installs: 489

Dependents: 0

Suggesters: 0

Security: 0

Stars: 2

Watchers: 1

Forks: 2

Open Issues: 0

2.0.1 2025-02-21 20:00 UTC

Requires

Requires (Dev)

MIT ac288c7c4adf9f640e08ce8e6946c289d78cb224

laravelyannkuesthardtlaravel-spamprotect

This package is auto-updated.

Last update: 2025-04-21 20:17:25 UTC

README

Latest Version on Packagist Total Downloads License GitHub Build Status

Laravel SpamProtect is a simple package, that encrypts email addresses and phone numbers to protect them against unwanted crawlers and spam.

It encrypts the target of your link and uses JS to decrypt it on the client side. This way, the email address is not visible in the HTML source code and can't be crawled by bots reading hrefs.

Additionally, some common chars used in e-mail addresses and phone numbers are replaced with HTML entities to make it even harder for bots to crawl.

<a href="#" data-spamprotect-token="eyJjdCI6Ijky...">
    hello@example.com
</a>

Security Note: Do not use this extension to pass sensitive data to the frontend. The encryption is only meant to stop crawlers and can easily be circumvented by a human.

Installation

Requirements

  • PHP 8.1 or higher
  • Laravel 10.0 or higher

Getting Started

You can install the package via composer:

composer require yannkuesthardt/laravel-spamprotect

Run the installation command to generate a new encryption key and clear necessary caches.

php artisan spamprotect:install

Add the following two blade directives somewhere in your HTML body tag.

@spamprotectKey
@spamprotectJs

Hint: Optionally you can override the default path to the JavaScript file: @spamprotectJs('your/custom/path/to/spamprotect/spamprotect.js')

Upgrade

Upgrade from v1 to v2

A few things have changed since version 1, so please read this carefully to avoid any issues.

If you used v1 in the past, you needed to publish our JavaScript to be accessible via @spamprotectJs. We have now added routing to the package, so you can just use @spamprotectJs without publishing our JavaScript first. If you have set a custom path via the blade directive or the config, remove it to get the default JavaScript via route. You may have to republish the config file, depending on your setup.

Additionally, in v1 you needed to install CryptoJS and require it in your own JavaScript first. As CryptoJS has been discontinued and most browsers offer native support with tools such as Crypto, we have rebuilt this extension to work with native JavaScript. For our new JavaScript to work either use @spamprotectJs without any custom path to access the new routing to our default JavaScript or republish the JavaScript file yourself. If not used anywhere else in your project feel free to completely remove CryptoJS.

Usage

E-Mail Address

To encrypt an email address use the following blade component:

<x-encrypt-email email="hello@example.com"/>

This will result in the following HTML code:

<a href="#" data-spamprotect-token="aVN2anJHTHJL...">
    hello@example.com
</a>

Phone Number

To encrypt a phone number use the following blade component:

<x-encrypt-phone phone="+1234567890"/>

This will result in the following HTML code:

<a href="#" data-spamprotect-token="xaVBiZU9rbUR...">
    +1 234 567890
</a>

Custom Text

You can also use a custom text for the link:

<x-encrypt-email email="hello@example.com">
    My Cutom Text
</x-encrypt-email>

This will result in the following HTML code:

<a href="#" data-spamprotect-token="eyJjdCI6Ilk4...">
    My Custom Text
</a>

Attributes

You can add HTML attributes (e.g. class, id, etc.) to the generated code by passing them to the components.

<x-encrypt-email class="my-class" id="my-id" ...

This will result in the following HTML code:

<a class="my-class" id="my-id" ...

Customization

You can generate a new encryption key using:

php artisan spamprotect:key

You can publish the config using:

php artisan vendor:publish --tag="laravel-spamprotect-config"

In the config you can customize the URL used for the default JavaScript or override the path completely.

You can publish the assets (javascript) using:

php artisan vendor:publish --tag="laravel-spamprotect-assets"

You can publish the views using

php artisan vendor:publish --tag="laravel-spamprotect-views"

Contributing

Feel free to suggest changes, ask for new features or fix bugs yourself. We're sure there are a lot of improvements that could be made, and we would be very happy to merge useful pull requests. Thanks!

Testing

PHPUnit

composer test

PHPStan

composer phpstan

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Changelog

Please see CHANGELOG for more information on what has changed recently.

License

The MIT License (MIT). Please see License File for more information.