jekyll-email-munge 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a195700b73387bb7376e55b8d78320a4e06bb9e39efd706b7d67e55b15f8dc9f
+  data.tar.gz: 7b4cfd8a031f7d330369f7fe4783d2cc4700899daf7068353b5dcaa4e6b155dc
+SHA512:
+  metadata.gz: 96dc1c53c43e50d0b108218987b025acf51a5b42206b464e48e65d17023d806f72df38b20015c74877a7e03d21c16bb7f7050eb9ffb8b7f240915dc2aa9fccfd
+  data.tar.gz: 14fec56e4bd3a03639a6b3e76451ffdc02f444923e55386fc064e1129b21d967eaf60bbb070bd47ab1c0473a65e294a8520c35454915ad3ba7621c67f179920d

data/CHANGELOG.md

@@ -0,0 +1,26 @@
+# Changelog
+
+All notable changes to **jekyll-email-munge** are tracked here. The format
+follows [Keep a Changelog](https://keepachangelog.com/) and the project adheres
+to [Semantic Versioning](https://semver.org/).
+
+## [Unreleased]
+
+## [0.1.0] — 2026-05-06
+
+### Added
+- `{% munge_email "email" %}` Liquid tag — emits an `<a class="liame">` with an
+  AES-128-GCM ciphertext payload, a CSS-hidden decoy span, and an inline-SVG
+  noscript fallback. Source-code names use the readable `munge_email` form;
+  rendered HTML uses `liame` (`email` reversed) so a scraper regex for
+  `email|mail|mailto|contact` finds nothing in the served output.
+- `{% munge_email_script %}` Liquid tag — emits the inline JS decoder (Web
+  Crypto AES-GCM) that reveals the address on click. `KEY_HEX` is interpolated
+  from `_config.yml` at build time.
+- Configuration via `_config.yml` under the `email_munge:` key (`key_hex`,
+  `svg_color`, `decoy`).
+- Deterministic IV derivation (per-email SHA-256) so build output is stable
+  across rebuilds without sacrificing GCM safety.
+
+[Unreleased]: https://github.com/framallo/jekyll-email-munge/compare/v0.1.0...HEAD
+[0.1.0]: https://github.com/framallo/jekyll-email-munge/releases/tag/v0.1.0

data/LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Federico Ramallo
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,368 @@
+# jekyll-email-munge
+
+Five-layer **email address munging** for Jekyll. Drop a Liquid tag, get a
+`mailto:` link that looks normal to humans and ciphertext to scrapers.
+
+```liquid
+{% munge_email "you@example.com" %}
+```
+
+renders as something like:
+
+```html
+<a href="#" class="liame"
+   data-liame="dDNiRy9OZGNYS3p1OWp0WnFM3VkIVJYNHNicw=="
+   rel="nofollow">Reach<span class="liame-decoy" aria-hidden="true">no-reply@spam.invalid</span> out</a>
+<noscript> (or use the address shown here:
+  <svg ...><text>you@example.com</text></svg>)
+</noscript>
+```
+
+Click the link in a real browser → it opens `mailto:you@example.com`. View the
+HTML source as a scraper → you see ciphertext, decoy noise, and an SVG.
+
+> **Two namespaces, by design.** The Liquid tag (`munge_email`) and the config
+> key (`email_munge`) are clear, discoverable names — they only ever appear in
+> your **source code**. The **rendered HTML** uses `liame` (`email` reversed)
+> for every class and attribute a scraper might regex for. Source code stays
+> readable; rendered output stays scraper-hostile.
+
+---
+
+## What is "address munging"?
+
+[Address munging](https://en.wikipedia.org/wiki/Address_munging) is the
+canonical term — going back to early Usenet — for *defending an email address
+on a public surface against bulk harvesters*, by any combination of encoding,
+scrambling, encryption, decoy, or visual substitution. It deliberately covers
+the whole spectrum from `name AT domain DOT com` to "encrypted blob revealed
+on click," and that's exactly the spectrum this gem operates on.
+
+We use the term over alternatives like *obfuscate* (undersells the encryption)
+or *encrypt* (oversells it — the key is public on purpose) because munging is
+the only word that's both technically and historically correct.
+
+---
+
+## Why
+
+Email addresses on public sites are harvested by bots within hours of being
+indexed. Most "munging" approaches (HTML entities, percent-encoding, JavaScript
+concatenation, image rendering) defeat *some* harvesters but not others. This
+gem stacks **five independently-effective** techniques from
+[Spencer Mortensen's email obfuscation study][study] — each blocked 100% of
+tested harvesters on its own:
+
+1. **AES-128-GCM encryption.** The HTML carries ciphertext only. Even if a
+   scraper extracts the `data-liame` attribute, decrypting it requires the key
+   *and* a JavaScript runtime.
+2. **JS conversion.** The decryption logic runs in the browser via Web Crypto.
+   Scrapers without a JS engine see only the encrypted blob.
+3. **User-interaction trigger.** Decryption only fires on `click`. Headless
+   bots that *do* execute JS but don't simulate user input never see the
+   address.
+4. **CSS-hidden decoy.** A fake address (`no-reply@spam.invalid` by default)
+   sits inside the link with `display: none`, visible to scrapers that strip
+   tags but hidden from sighted users.
+5. **SVG `<noscript>` fallback.** For visitors without JavaScript, the address
+   appears as text inside an inline `<svg><text>` element. Most regex-based
+   harvesters don't OCR or parse SVG.
+
+[study]: https://spencermortensen.com/articles/email-obfuscation/
+
+The goal is *defeating scrapers, not hiding the address from a determined
+human.* The encryption key is published in plain sight (it has to be — the
+browser needs it to decrypt). The win is that automated harvesters give up
+long before they reach a working address.
+
+---
+
+## Installation
+
+Add to your site's `Gemfile`:
+
+```ruby
+group :jekyll_plugins do
+  gem "jekyll-email-munge"
+end
+```
+
+…then `bundle install`.
+
+If your site doesn't use Bundler, add to `_config.yml`:
+
+```yaml
+plugins:
+  - jekyll-email-munge
+```
+
+> Hosted on **GitHub Pages**? Custom plugins aren't allowed there — deploy via
+> Cloudflare Pages, Netlify, or `gh-pages` with a CI build instead.
+
+### Configuration
+
+Add an `email_munge` block to `_config.yml`:
+
+```yaml
+email_munge:
+  # 32 hex chars = 16 bytes = AES-128 key. Generate one with:
+  #   ruby -ropenssl -e 'puts OpenSSL::Random.random_bytes(16).unpack1("H*")'
+  key_hex: "84afaaa6886a7b0d195454cc559795cb"
+
+  # Optional. Color of the noscript SVG fallback text.
+  svg_color: "#9c3f1d"
+
+  # Optional. The fake address shown inside the (CSS-hidden) decoy span.
+  decoy: "no-reply@spam.invalid"
+```
+
+Then add the decoder script once per page — typically just before `</body>` in
+your default layout:
+
+```liquid
+<!-- _layouts/default.html -->
+{% munge_email_script %}
+</body>
+```
+
+Finally, add a tiny CSS rule to hide the decoy span and align the SVG fallback.
+Drop these into your stylesheet:
+
+```css
+.liame-decoy { display: none; }
+.liame-svg   { vertical-align: middle; pointer-events: none; }
+```
+
+That's the entire setup. You're done.
+
+---
+
+## Usage
+
+Drop the tag wherever you'd normally write a `<a href="mailto:…">`:
+
+```liquid
+{% munge_email "support@yourdomain.com" %}
+```
+
+Default visible link text is `Reach out`. To change it, pass a second argument
+with `|` marking where the decoy span gets injected:
+
+```liquid
+{% munge_email "support@yourdomain.com" "Get|in touch" %}
+{% munge_email "press@yourdomain.com" "Contact|the press team" %}
+{% munge_email "hello@yourdomain.com" "Email|us" %}
+```
+
+Renders as:
+
+```
+Get<decoy> in touch
+Contact<decoy> the press team
+Email<decoy> us
+```
+
+Without the `|`, the entire string is used as visible text and an empty decoy
+follows — works fine, but splitting the text gives the decoy more cover.
+
+### Why split the text?
+
+The decoy span sits *inside* the visible link and is hidden with
+`display: none`. A scraper that reads the rendered DOM (or strips CSS) sees:
+
+```
+Get no-reply@spam.invalid in touch
+```
+
+Splitting the visible text means the decoy is interleaved with real text rather
+than appended at the end — slightly harder for a scraper to recognize and strip.
+
+---
+
+## How it works (under the hood)
+
+### 1. Build time (Ruby)
+
+When Jekyll renders `{% munge_email "user@example.com" %}`:
+
+1. The plugin reads `email_munge.key_hex` from `_config.yml`.
+2. It derives a deterministic IV from the email + key
+   (`SHA-256("liame-iv:<key_hex>:<email>")[0..11]`).
+3. It encrypts the email with **AES-128-GCM**, packs `iv | ciphertext | auth_tag`,
+   and base64-encodes the result.
+4. It emits the `<a>` element with the base64 payload in `data-liame`, the
+   decoy `<span>`, and an inline `<svg>` fallback.
+
+The deterministic IV means rebuilds produce identical output — your git diffs
+stay quiet and your CDN cache doesn't get invalidated on every build. IV reuse
+with the *same* plaintext under the same key is safe under AES-GCM; reuse with
+*different* plaintexts is what's catastrophic, and that doesn't happen here
+because each email gets its own derived IV.
+
+### 2. Page load (JavaScript)
+
+`{% munge_email_script %}` emits an inline `<script>` that:
+
+1. Reads `KEY_HEX` (baked into the script at build time).
+2. Attaches a `click` listener to every `[data-liame]` element.
+3. On click: base64-decodes, splits into IV / ciphertext / tag, calls
+   `crypto.subtle.decrypt` (Web Crypto API), and navigates to
+   `mailto:<decrypted>`.
+
+The script is ~700 bytes minified and inlined — no extra request, no `defer`
+race. It only does anything if the user actually clicks a munged link.
+
+### 3. The `liame` naming convention (in rendered output)
+
+This is the central trick. **Anything a scraper can see in the rendered HTML**
+uses `liame` (`email` reversed) instead of `email` / `mail` / `mailto` /
+`contact`, so a regex grep for those tokens finds nothing in the output. The
+plugin guarantees this by construction:
+
+| Element                  | Class / attribute name |
+| ------------------------ | ---------------------- |
+| Anchor                   | `class="liame"`        |
+| Encrypted payload        | `data-liame="..."`     |
+| Hidden decoy span        | `class="liame-decoy"`  |
+| Fallback SVG             | `class="liame-svg"`    |
+| `aria-label` on the SVG  | `contact`              |
+
+The visible link text in the *default* output (`Reach out`) deliberately avoids
+the words "email" or "mail" — keep that property when you customize the text.
+
+**Source code is exempt** from this convention because scrapers don't read your
+Liquid templates or `_config.yml`. The tag (`munge_email`) and config key
+(`email_munge`) are written for human readability:
+
+| Source-code thing        | Reads as                   | Visible to scrapers? |
+| ------------------------ | -------------------------- | -------------------- |
+| Liquid tag               | `{% munge_email %}`        | No (build-time only) |
+| Config key               | `email_munge:`             | No                   |
+| Decoder script tag       | `{% munge_email_script %}` | No                   |
+
+### 4. Where the key lives
+
+There is **one** key, set in `_config.yml`. The plugin uses it to encrypt at
+build time, and `{% munge_email_script %}` interpolates it into the inline JS
+so the browser can decrypt. The key is therefore visible to anyone viewing the
+page source — that's intentional. The encryption is a scraper-defeating layer,
+not a secrecy mechanism.
+
+If you want to **rotate the key**, generate a new one and update `key_hex` in
+`_config.yml`. All existing payloads automatically re-encrypt on the next build
+because the plugin re-runs.
+
+---
+
+## Customization
+
+### Per-link visible text
+
+Already covered above:
+
+```liquid
+{% munge_email "user@example.com" "Custom|visible text" %}
+```
+
+### Different decoy text
+
+In `_config.yml`:
+
+```yaml
+email_munge:
+  decoy: "abuse@spam-trap.invalid"
+```
+
+Or pick something amusing — it's only seen by scrapers.
+
+### SVG fallback color
+
+```yaml
+email_munge:
+  svg_color: "#3dff9a"   # match your accent
+```
+
+### Multiple sites, one key
+
+If you run several sites and want a single key for all of them, use the same
+`key_hex` value in each site's `_config.yml`. Encrypted payloads are
+interchangeable; the same `munge_email_script` decoder works on all of them.
+
+If you rotate the key on one site, you must rotate it on all of them — the
+deterministic IV depends on the key, so old ciphertext won't decrypt with a
+new key.
+
+---
+
+## Browser support
+
+The decoder uses **Web Crypto** (`crypto.subtle`), which has been available in
+all major browsers since 2016. On legacy browsers without it, clicking the
+munged link does nothing — but those users see the inline SVG fallback in
+the `<noscript>` block (or, more practically, no `<noscript>` users have a
+browser without Web Crypto).
+
+If you need to support pre-2016 browsers, this gem isn't the right tool.
+
+---
+
+## Security notes
+
+This gem provides **scraper resistance**, not encryption-grade secrecy. In
+particular:
+
+- The key is published in JS. Anyone who reads the rendered HTML can decrypt
+  every payload on the page. That's intentional and required for the design.
+- AES-128 is used because the goal is to require *any* AES decryption, not
+  because the threat model needs 256-bit keys. If you ever need to actually
+  protect the addresses, this gem is the wrong tool — don't put the addresses
+  on the public site at all.
+- The deterministic IV is safe specifically because each email gets its own
+  derived IV. Don't modify the IV derivation to use a constant — that would
+  be a real GCM misuse.
+
+---
+
+## Comparison with alternatives
+
+| Approach                                         | Layers | Maintenance       |
+| ------------------------------------------------ | ------ | ----------------- |
+| Plain `mailto:` link                             | 0      | Easiest, harvested instantly |
+| HTML entities / hex encoding                     | 1      | Defeats only naïve regex |
+| `jekyll-email-protect` (percent-encoded mailto)  | 1      | One filter, low ceremony |
+| Concatenated JS string                           | 2      | Harvested by JS-aware bots |
+| **jekyll-email-munge (this gem)**                | **5**  | One Liquid tag, build-time encryption |
+| Pure image (e.g., a screenshot of the email)     | 1      | OCR-defeated, terrible UX |
+
+---
+
+## Development
+
+```bash
+git clone https://github.com/framallo/jekyll-email-munge.git
+cd jekyll-email-munge
+bundle install
+rake build         # produces pkg/jekyll-email-munge-X.Y.Z.gem
+```
+
+To install your local checkout into a Jekyll site for testing:
+
+```ruby
+# Gemfile in the consumer site
+gem "jekyll-email-munge", path: "../jekyll-email-munge"
+```
+
+### Releasing
+
+1. Bump `Jekyll::EmailMunge::VERSION` in [lib/jekyll-email-munge/version.rb](lib/jekyll-email-munge/version.rb).
+2. Add a section to [CHANGELOG.md](CHANGELOG.md).
+3. Commit and tag: `git commit -am "release vX.Y.Z" && git tag vX.Y.Z`
+4. `rake release` (Bundler task — builds, tags, pushes to RubyGems).
+
+You'll need a [RubyGems.org account with MFA enabled](https://guides.rubygems.org/setting-up-multifactor-authentication/) before pushing.
+
+---
+
+## License
+
+[MIT](LICENSE.txt) © Federico Ramallo

data/jekyll-email-munge.gemspec

@@ -0,0 +1,41 @@
+require_relative "lib/jekyll-email-munge/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "jekyll-email-munge"
+  spec.version       = Jekyll::EmailMunge::VERSION
+  spec.authors       = ["Federico Ramallo"]
+  spec.email         = ["framallo@gmail.com"]
+
+  spec.summary       = "Address-munge email links in Jekyll: AES-encrypted payloads, decoy text, click-to-reveal, SVG fallback."
+  spec.description   = <<~DESC
+    A Jekyll plugin for address munging — defending email addresses on public
+    sites against bulk harvesters. Stacks five independently-effective
+    techniques (AES-128-GCM encryption, JS conversion, click trigger,
+    CSS-hidden decoy, SVG noscript fallback) so scrapers see ciphertext while
+    humans see a normal mailto link. Drop in a Liquid tag —
+    `{% munge_email "user@example.com" %}` — and the plugin handles encryption
+    at build time, the decoder script, and the fallback markup.
+  DESC
+  spec.homepage      = "https://github.com/framallo/jekyll-email-munge"
+  spec.license       = "MIT"
+  spec.required_ruby_version = ">= 2.7.0"
+
+  spec.metadata["homepage_uri"]      = spec.homepage
+  spec.metadata["changelog_uri"]     = "#{spec.homepage}/blob/main/CHANGELOG.md"
+  spec.metadata["bug_tracker_uri"]   = "#{spec.homepage}/issues"
+  spec.metadata["documentation_uri"] = "#{spec.homepage}#readme"
+
+  spec.files = Dir[
+    "lib/**/*",
+    "README.md",
+    "LICENSE.txt",
+    "CHANGELOG.md",
+    "jekyll-email-munge.gemspec"
+  ]
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "jekyll", ">= 3.7", "< 5.0"
+
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rake",    "~> 13.0"
+end

data/lib/jekyll-email-munge/decoder.js

@@ -0,0 +1 @@
+(function(){var K='__KEY_HEX__';function h(s){var o=new Uint8Array(s.length/2);for(var i=0;i<s.length;i+=2)o[i/2]=parseInt(s.substr(i,2),16);return o}function b(s){var bin=atob(s),o=new Uint8Array(bin.length);for(var i=0;i<bin.length;i++)o[i]=bin.charCodeAt(i);return o}async function r(e){e.preventDefault();var el=e.currentTarget,p=el.getAttribute('data-liame');if(!p||!window.crypto||!window.crypto.subtle)return;try{var d=b(p),iv=d.slice(0,12),ct=d.slice(12),k=await crypto.subtle.importKey('raw',h(K),{name:'AES-GCM'},false,['decrypt']),pt=await crypto.subtle.decrypt({name:'AES-GCM',iv:iv},k,ct);window.location.href='mailto:'+new TextDecoder().decode(pt)}catch(_){}}document.addEventListener('DOMContentLoaded',function(){document.querySelectorAll('[data-liame]').forEach(function(el){el.addEventListener('click',r)})})})();

data/lib/jekyll-email-munge/munge_email_script_tag.rb

@@ -0,0 +1,32 @@
+module Jekyll
+  module EmailMunge
+    # {% munge_email_script %}
+    #
+    # Emits the inline <script> that decrypts {% munge_email %} payloads on
+    # click. Call this once per page (typically just before </body> in your
+    # default layout). It reads email_munge.key_hex from _config.yml and bakes
+    # it into the script — that key is intentionally public; the goal is
+    # defeating scrapers, not hiding the address from a determined human.
+    class MungeEmailScriptTag < ::Liquid::Tag
+      DECODER_PATH = File.expand_path("decoder.js", __dir__).freeze
+
+      def render(context)
+        key_hex = context.registers[:site].config.dig("email_munge", "key_hex")
+        unless key_hex
+          raise "jekyll-email-munge: email_munge.key_hex missing in _config.yml"
+        end
+
+        js = decoder_source.gsub("__KEY_HEX__", key_hex)
+        %(<script>#{js}</script>)
+      end
+
+      private
+
+      def decoder_source
+        @@decoder_source ||= File.read(DECODER_PATH).rstrip
+      end
+    end
+  end
+end
+
+::Liquid::Template.register_tag("munge_email_script", Jekyll::EmailMunge::MungeEmailScriptTag)

data/lib/jekyll-email-munge/munge_email_tag.rb

@@ -0,0 +1,105 @@
+require "openssl"
+require "base64"
+require "cgi"
+require "digest"
+
+module Jekyll
+  module EmailMunge
+    # {% munge_email "user@example.com" %}
+    # {% munge_email "user@example.com" "Get|in touch" %}
+    #
+    # Renders a "munged" mailto link at build time. The address is encrypted
+    # with AES-128-GCM (key from _config.yml -> email_munge.key_hex) so only
+    # ciphertext appears in the served HTML. A CSS-hidden decoy span sits inside
+    # the link and a <noscript> inline-SVG fallback handles JS-disabled visitors.
+    #
+    # The "|" in the visible text marks where the decoy span is injected.
+    # Default text is "Reach|out" -> "Reach<decoy/> out".
+    #
+    # Naming convention note:
+    #   The Liquid tag name (`munge_email`) and config key (`email_munge`) only
+    #   appear in source code, never in the served HTML. The rendered output
+    #   uses `liame` (`email` reversed) for every class/attribute a scraper
+    #   might regex for: class="liame", data-liame, .liame-decoy, .liame-svg.
+    #
+    # See README for the companion {% munge_email_script %} tag and CSS.
+    class MungeEmailTag < ::Liquid::Tag
+      SYNTAX = /^\s*"([^"]+)"(?:\s+"([^"]+)")?\s*$/.freeze
+
+      def initialize(tag_name, markup, tokens)
+        super
+        m = markup.match(SYNTAX)
+        unless m
+          raise SyntaxError, %(jekyll-email-munge: tag syntax is {% munge_email "email" ["visible|text"] %})
+        end
+        @email = m[1]
+        @text = m[2] || "Reach|out"
+      end
+
+      def render(context)
+        cfg = (context.registers[:site].config["email_munge"] || {})
+        key_hex = cfg["key_hex"]
+        unless key_hex
+          raise "jekyll-email-munge: email_munge.key_hex missing in _config.yml. " \
+                "Generate one with `ruby -ropenssl -e 'puts OpenSSL::Random.random_bytes(16).unpack1(\"H*\")'`"
+        end
+        unless key_hex =~ /\A[0-9a-fA-F]{32}\z/
+          raise "jekyll-email-munge: email_munge.key_hex must be 32 hex characters (16 bytes / AES-128)"
+        end
+
+        decoy = cfg["decoy"] || "no-reply@spam.invalid"
+        svg_color = cfg["svg_color"] || "#9c3f1d"
+
+        payload = encrypt(@email, key_hex)
+        before, after = split_text(@text)
+        svg = inline_svg(@email, svg_color)
+
+        esc = ->(s) { CGI.escapeHTML(s) }
+        %(<a href="#" class="liame" data-liame="#{esc.call(payload)}" rel="nofollow">) +
+          %(#{esc.call(before)}) +
+          %(<span class="liame-decoy" aria-hidden="true">#{esc.call(decoy)}</span>) +
+          %(#{esc.call(after)}</a>) +
+          %(<noscript> (or use the address shown here: #{svg})</noscript>)
+      end
+
+      private
+
+      # "Reach|out"      -> ["Reach", " out"]
+      # "Get|in touch"   -> ["Get", " in touch"]
+      # "Email me"       -> ["Email me", ""]    # no "|" present
+      def split_text(text)
+        return [text, ""] unless text.include?("|")
+        left, right = text.split("|", 2)
+        right = " #{right}" unless right.empty? || right.start_with?(" ")
+        [left, right]
+      end
+
+      # Deterministic IV per email so rebuilds produce identical ciphertext
+      # (keeps git diffs and CDN caches stable). IV reuse with the same plaintext
+      # under the same key is safe under AES-GCM; reuse with *different*
+      # plaintexts under the same key is what's catastrophic, and that doesn't
+      # happen here because each email gets its own derived IV.
+      def encrypt(email, key_hex)
+        key = [key_hex].pack("H*")
+        iv = Digest::SHA256.digest("liame-iv:#{key_hex}:#{email}")[0, 12]
+        cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt
+        cipher.key = key
+        cipher.iv = iv
+        cipher.auth_data = ""
+        ct = cipher.update(email) + cipher.final
+        Base64.strict_encode64(iv + ct + cipher.auth_tag)
+      end
+
+      def inline_svg(email, color)
+        width = email.length * 9 + 20
+        %(<svg xmlns="http://www.w3.org/2000/svg" class="liame-svg" ) +
+          %(width="#{width}" height="20" viewBox="0 0 #{width} 20" ) +
+          %(aria-label="contact" role="img">) +
+          %(<text x="0" y="14" font-family="JetBrains Mono, monospace" font-size="13" fill="#{color}">) +
+          %(#{CGI.escapeHTML(email)}</text></svg>)
+      end
+    end
+  end
+end
+
+::Liquid::Template.register_tag("munge_email", Jekyll::EmailMunge::MungeEmailTag)

data/lib/jekyll-email-munge/version.rb

@@ -0,0 +1,5 @@
+module Jekyll
+  module EmailMunge
+    VERSION = "0.1.0".freeze
+  end
+end

data/lib/jekyll-email-munge.rb

@@ -0,0 +1,3 @@
+require_relative "jekyll-email-munge/version"
+require_relative "jekyll-email-munge/munge_email_tag"
+require_relative "jekyll-email-munge/munge_email_script_tag"

metadata

@@ -0,0 +1,109 @@
+--- !ruby/object:Gem::Specification
+name: jekyll-email-munge
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Federico Ramallo
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jekyll
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.7'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.7'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+description: |
+  A Jekyll plugin for address munging — defending email addresses on public
+  sites against bulk harvesters. Stacks five independently-effective
+  techniques (AES-128-GCM encryption, JS conversion, click trigger,
+  CSS-hidden decoy, SVG noscript fallback) so scrapers see ciphertext while
+  humans see a normal mailto link. Drop in a Liquid tag —
+  `{% munge_email "user@example.com" %}` — and the plugin handles encryption
+  at build time, the decoder script, and the fallback markup.
+email:
+- framallo@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- jekyll-email-munge.gemspec
+- lib/jekyll-email-munge.rb
+- lib/jekyll-email-munge/decoder.js
+- lib/jekyll-email-munge/munge_email_script_tag.rb
+- lib/jekyll-email-munge/munge_email_tag.rb
+- lib/jekyll-email-munge/version.rb
+homepage: https://github.com/framallo/jekyll-email-munge
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/framallo/jekyll-email-munge
+  changelog_uri: https://github.com/framallo/jekyll-email-munge/blob/main/CHANGELOG.md
+  bug_tracker_uri: https://github.com/framallo/jekyll-email-munge/issues
+  documentation_uri: https://github.com/framallo/jekyll-email-munge#readme
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 4.0.4
+specification_version: 4
+summary: 'Address-munge email links in Jekyll: AES-encrypted payloads, decoy text,
+  click-to-reveal, SVG fallback.'
+test_files: []