react-protected-text
Advanced tools
React component for text & link protection against web crawlers / bots
npm install react-protected-text
Do you want to display text (name, phone, address) or link (email) but prevent web crawlers from stealing them from your website ? If you just simply publish an email address on a website you can expect tons of spam. This is why you have to make sure you never add your email or phone to any website as plain text which is visible by bots.
The component uses a mixture of pure text in HTML and CSS. The text is partially rendered in reverse in HTML and the rest is prepend/append by CSS. CSS will then reverse all text again. Link URL is obfuscated until an onClick event occur. This making the text or link useless for spammers, but user friendly on a browser.
Under the hood, it uses the duo of CSS properties unicode-bidi: bidi-override; and direction: rtl;
import React from 'react';
import ReactDOM from 'react-dom';
import ProtectedText from 'react-protected-text';
ReactDOM.render(<ProtectedText text="Hello World!" />, document.body);
<span class="protected-text">
<style type="text/css">
* {
unicode-bidi: bidi-override; direction: rtl;
}
.protected-text > *:before {
content: "!dlr"
}
.protected-text > *:after {
content: "lleH"
}
</style>
<span>oW o</span>
</span>
<span>Hello World!</span>
import React from 'react';
import ReactDOM from 'react-dom';
import ProtectedText from 'react-protected-text';
ReactDOM.render(
<ProtectedText
text="hello@world.com"
href="mailto:hello@world.com"
hrefHeaders={{ subject: 'Contact', cc: 'john@doe.com' }}
/>,
document.body,
);
<span class="protected-text">
<style type="text/css">
* {
unicode-bidi: bidi-override; direction: rtl;
}
*:before {
content: "moc.d"
}
*:after {
content: "olleh"
}
</style>
<a href="https://click">lrow@</a>
</span>
<a href="mailto:hello@world.com?subject=Contact@cc=john@doe.com">hello@world.com</a>
Using CSS unicode-bidi: bidi-override; and direction: rtl; will cause one drawback: The user can no longer copy text to clipboard. This is a small price to pay in my view.
| Prop | Type | Default | Description |
|---|---|---|---|
| text | string | '' | The text to display |
| href | string | '' | Target URL for link. Support of mailto:, tel:, sms:, :facetime, ect. |
| onlyHTML | bool | false | Prevent use of CSS pseudo-class. Obfuscation is done only in HTML. This will reduce level of protection. |
| hrefHeaders | object | null | Parameters added to URL: subject, cc, bcc, body, ect. |
| className | string | '' | Custom class name |
| protectedHref | string | 'https://click' | URL to show when obfuscated |
Component was tested on following browsers:
This solution will work while crawlers do not detect it. Technicaly it is still possible to retrieve whole text but the component makes it harder.
FAQs
Protect text or link against web crawlers / bots
We found that react-protected-text demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.