
Weird JavaScript / CDATA in e-mail fields on WordPress blog: possible XSS or injection?

06 Nov

I recently started noticing odd code in the e-mail fields of the comments on my WordPress blog, and I was certain it was some sort of injection or cross-site scripting attempt. It turns out it's nothing like that: it was just Cloudflare's e-mail address obfuscation feature. So if you're reading this because you're seeing something similar in the e-mail fields of the comments on your WordPress blog and you're using Cloudflare, go to Cloudflare and turn off E-mail Address Obfuscation under the security settings. Problem solved.


Code I was seeing:

/* <![CDATA[ */
// Cloudflare's e-mail decoder: the obfuscated address is stored as a hex string in the className
// of a placeholder element with id "__cf_email__"; the first byte is an XOR key, the rest is the text.
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");
a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){
c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c); // XOR each byte with the key
}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); // swap in the decoded text
/* ]]> */
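To show what the snippet above actually does, here is an added example (not code from this post or from Cloudflare) that reimplements the same decoding in Python, adds the matching encoder so a value can be checked by round-trip, and uses both to triage values found in a comment's e-mail field; the function names and sample values are constructed for this example.

```python
import re

# Cloudflare e-mail obfuscation, as decoded by the snippet above: the address is stored as a
# hex string whose first byte is a one-byte XOR key; every later byte is one character XORed
# with that key. Function names below are chosen for this example, not Cloudflare's.
def cf_decode(hex_payload: str) -> str:
    """Mirror the page's decoder: key = first byte, XOR every following byte with it."""
    data = bytes.fromhex(hex_payload)
    if len(data) < 2:
        raise ValueError("payload too short to hold a key and an address")
    key = data[0]
    return bytes(b ^ key for b in data[1:]).decode("utf-8")

def cf_encode(email: str, key: int) -> str:
    """Produce the same hex form, so a decoded value can be verified by round-trip."""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must fit in one byte")
    return bytes([key] + [b ^ key for b in email.encode("utf-8")]).hex()

# Triage for a comment's e-mail field. Only three verdicts are drawn: the Cloudflare decoder
# script itself (the benign cause this post describes), a hex blob that round-trips to an
# address, or a plain address; anything else is left for a human to review.
_CF_DECODER = re.compile(r'getElementById\("__cf_email__"\)')
_ADDRESS = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
_HEX = re.compile(r"^(?:[0-9a-fA-F]{2}){2,}$")

def classify_comment_email(value: str) -> str:
    value = value.strip()
    if _CF_DECODER.search(value):
        return "cloudflare-obfuscation-script"
    if _HEX.match(value):
        try:
            if _ADDRESS.match(cf_decode(value)):
                return "cloudflare-obfuscated-address"
        except ValueError:  # not valid UTF-8 after XOR, or too short
            pass
    return "plain-address" if _ADDRESS.match(value) else "review"

# Constructed sample values (not taken from the blog's comment table).
SAMPLE_FIELDS = {
    "decoder": '(function(){try{var l=document.getElementById("__cf_email__");}catch(e){}})();',
    "obfuscated": cf_encode("reader@example.com", 0x5A),
    "plain": "reader@example.com",
    "odd": "<b>not an address</b>",
}

if __name__ == "__main__":
    for name, field in SAMPLE_FIELDS.items():
        print(f"{name:11} -> {classify_comment_email(field)}")
```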


The setting you need to disable in Cloudflare:

[Screenshot: Screen Shot 2013-11-06 at 7.40.04 PM]


  1. Mike

    November 12, 2014 at 9:14 pm

    Thanks for this. Couldn’t find out where this code was coming from in my wp theme. I was going to totally disable Cloudflare until I saw your post.