
Weird JavaScript / CDATA in e-mail fields on WordPress blog: possible XSS or injection?

06 Nov

I recently started noticing odd code in the e-mail fields of the comments on my WordPress blog, and I was certain it was some sort of injection or cross-site scripting attempt. It turns out to be nothing of the sort: it is just the e-mail address obfuscation feature of Cloudflare. So if you are reading this because you are seeing the same thing in the e-mail fields of your WordPress comments and you use Cloudflare, go to Cloudflare and turn off E-mail address obfuscation under the security settings. Problem solved.


Code I was seeing:

/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__"); // placeholder element Cloudflare inserted
a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16); // class holds a hex string; first byte is the XOR key
for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);} // key XOR each following byte
}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); // swap placeholder for the decoded address
/* ]]> */
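To check what one of these strings actually decodes to (and confirm it is the benign Cloudflare scheme rather than injected markup), here is an added example, not part of the original post or of Cloudflare's code, that reimplements the decoder from the snippet above as a Node-runnable function together with its inverse. The element layout (`id="__cf_email__"` with the hex payload in the class attribute), the helper names and the sample address are assumptions constructed for the example.

```javascript
// Added example (not Cloudflare's code): decode the payload the snippet above
// handles in the browser, so a stored comment field can be checked offline.
function decodeCfEmail(hex) {
  // Reject anything that is not an even-length hex string with a key byte
  // plus at least one data byte; injected markup fails this check.
  if (typeof hex !== "string" || hex.length < 4 || hex.length % 2 !== 0 ||
      !/^[0-9a-fA-F]+$/.test(hex)) {
    throw new Error("not a Cloudflare-style obfuscated e-mail payload");
  }
  const key = parseInt(hex.slice(0, 2), 16); // first byte is the XOR key
  let out = "";
  for (let j = 2; j < hex.length; j += 2) {   // every later byte is key ^ charCode
    out += String.fromCharCode(parseInt(hex.slice(j, j + 2), 16) ^ key);
  }
  return out;
}

// Inverse of the scheme: a one-byte XOR, so it hides the address from naive
// harvesters but is not encryption.
function encodeCfEmail(email, key) {
  const hex = (n) => n.toString(16).padStart(2, "0");
  let out = hex(key);
  for (const ch of email) {
    const code = ch.charCodeAt(0);
    if (code > 0xff) throw new Error("scheme only covers single-byte characters");
    out += hex(code ^ key);
  }
  return out;
}

// Pull the payload out of the markup the snippet expects: an element with
// id="__cf_email__" whose class attribute is the hex string (assumed layout).
function findCfPayload(html) {
  const m = /<[^>]*\bid="__cf_email__"[^>]*\bclass="([0-9a-fA-F]+)"/.exec(html);
  return m ? m[1] : null;
}

// Constructed sample: a made-up address, obfuscated with key 0x5a, in that markup.
const SAMPLE_HTML =
  '<span id="__cf_email__" class="' + encodeCfEmail("alice@example.com", 0x5a) +
  '">[email protected]</span>';

console.log(decodeCfEmail(findCfPayload(SAMPLE_HTML))); // alice@example.com
```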


Setting you need to disable on Cloudflare:

[Screenshot of the Cloudflare security settings page, taken 2013-11-06]

