TYPO3 Core

TESTED: (Working in 10.4.18 / breaks in 10.4.19)

config {
  # ascii / -5 to 1
  spamProtectEmailAddresses = -4
  # (at)
  spamProtectEmailAddresses_atSubst = <script type="text/javascript" language="JavaScript">document.write('@');</script><noscript>@</noscript>
  # (dot)
  spamProtectEmailAddresses_lastDotSubst = <script type="text/javascript" language="JavaScript">document.write('.');</script><noscript>.</noscript>
}

output/sourcecode (yes, all the whitespaces are also rendered)

<p>
    <a href="javascript:linkTo_UnCryptMailto(%27ocknvq%2CkphqBrtczku%5C%2Fmkghgt0fg%27);">E: mail&lt;script type="text/javascript" language="JavaScript"&gt;document.write('@');&lt;/script&gt;</a>
</p>
&lt;noscript&gt;@&lt;/noscript&gt;mail&lt;script type="text/javascript" language="JavaScript"&gt;document.write('.');&lt;/script&gt;&lt;noscript&gt;.&lt;/noscript&gt;com

MAIL<SCRIPT TYPE="TEXT/JAVASCRIPT" LANGUAGE="JAVASCRIPT">DOCUMENT.WRITE('@');</SCRIPT>

<noscript>@</noscript>mail<script type="text/javascript" language="JavaScript">document.write('.');</script><noscript>.</noscript>com

<hr/>

Expected behavior
output/sourcecode before update: (This one was working perfect!)

<a href="javascript:linkTo_UnCryptMailto(%27ocknvq%2CkphqBrtczku%5C%2Fmkghgt0fg%27);">E: mail<script type="text/javascript" language="JavaScript">document.write('@');</script>@<noscript>@</noscript>mail<script type="text/javascript" language="JavaScript">document.write('.');</script>.<noscript>.</noscript>com</a>

output rendered:

E: MAIL@Mail.com