Page MenuHomePhabricator

[keyserver] Handle offensive words in invite links
ClosedPublic

Authored by tomek on Jul 18 2023, 4:14 AM.
Tags
None
Referenced Files
F3527347: D8527.id29176.diff
Tue, Dec 24, 4:44 AM
F3525117: D8527.diff
Mon, Dec 23, 3:43 PM
Unknown Object (File)
Nov 23 2024, 12:50 PM
Unknown Object (File)
Nov 23 2024, 12:50 PM
Unknown Object (File)
Nov 23 2024, 7:17 AM
Unknown Object (File)
Nov 20 2024, 5:55 PM
Unknown Object (File)
Nov 20 2024, 5:55 PM
Unknown Object (File)
Nov 20 2024, 5:54 PM
Subscribers
None

Details

Summary

Check if an invite link contains abusive words and return an error if that's the case.

https://linear.app/comm/issue/ENG-4181/handle-offensive-abusive-words
https://www.npmjs.com/package/bad-words

Depends on D8494

Test Plan

Tried to create a link consisting of just an offensive word and an error was returned.
Tried to create a link with a string consisting of an offensive word with some prefix - a link was created correctly. This isn't ideal, but handing it correctly might be challenging: e.g. invite/class sounds like a proper link, but simply checking if it contains an offensive substring would forbid it.

Diff Detail

Repository
rCOMM Comm
Branch
invite-error
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

tomek requested review of this revision.Jul 18 2023, 4:32 AM

Can you provide some more context on the selection of this package? I noticed it hasn't been updated in 3 years and has some unaddressed GitHub issues, but I'm guessing your research showed that it's the best option.

Can you provide some more context on the selection of this package? I noticed it hasn't been updated in 3 years and has some unaddressed GitHub issues, but I'm guessing your research showed that it's the best option.

It is the most popular NPM package for profanity checks https://www.npmjs.com/search?q=keywords%3Aprofanity&ranking=popularity. Also, the issues on Github aren't serious. The implementation is so simple that it doesn't need frequent updates.

Doe this mean that it is possible to create a community with a name that is a swearword in some language, but then we won't be able to create a link that has the name of that community in it? That seems odd

In D8527#253676, @tomek wrote:

Can you provide some more context on the selection of this package? I noticed it hasn't been updated in 3 years and has some unaddressed GitHub issues, but I'm guessing your research showed that it's the best option.

It is the most popular NPM package for profanity checks https://www.npmjs.com/search?q=keywords%3Aprofanity&ranking=popularity. Also, the issues on Github aren't serious. The implementation is so simple that it doesn't need frequent updates.

Thanks for explaining!

In D8527#254082, @inka wrote:

Doe this mean that it is possible to create a community with a name that is a swearword in some language, but then we won't be able to create a link that has the name of that community in it? That seems odd

The name will eventually be encrypted, so we (as Comm) should have no way to ban it. On the other hand, the invite link will use our domain name in the future, so I think it makes sense to add some filtering there.

Can you clarify what will happen on older clients when this endpoint returns a ServerError that they aren't aware of?

EDIT

Looks like on older clients it will display offensive_words directly. But D8494 makes it so if a future keyserver returns an unknown error code to a future client, unknown error will be displayed instead.

This revision is now accepted and ready to land.Jul 27 2023, 6:08 PM

Can you clarify what will happen on older clients when this endpoint returns a ServerError that they aren't aware of?

EDIT

Looks like on older clients it will display offensive_words directly. But D8494 makes it so if a future keyserver returns an unknown error code to a future client, unknown error will be displayed instead.

Yes, that's exactly what will happen.