Banned user profiles should not be credited for edits


User management
a year ago
a year ago


(Reporter: shobson, Assigned: jwhitlock)


(Blocks: 1 bug, {in-triage})




a year ago
Users with an active ban should not be linked to from anywhere on the site.

There are 3 places a user profile could be linked to:
1) the contributor bar at the top of the page
2) the list of contributors at the bottom of the page
3) the "last updated by" at the bottom of the page

We appear to be checking for is_active but a banned profile does not have is_active removed from it, instead it has a ban added.


a year ago
Summary: Banned user profiles should 404 and not be credited for edits → Banned user profiles should not be credited for edits

Comment 1

a year ago
A few more places for links:

* Page history ($history)
* Revision Dashboard (/en-US/dashboards/revisions)

Both are restricted in robots.txt, but we could add "nofollow" to the links for added protection.

Comment 2

a year ago

Comment 3

a year ago
Kuma uses signals to set or clear user.is_active when a User Ban is added, changed, or deleted:

Related bugs:
* bug 869480 and bug 809495 (mozilla/kuma#1108)
* bug 1148727 (mozilla/kuma#3288)

So, I think user.is_active can be a reasonable proxy for if a user is banned or disabled for other reasons, and I'll use that for the rel=nofollow
Assignee: nobody → jwhitlock

Comment 4

a year ago
Commits pushed to master at
bug 1353134: Reflect bans in contributors faster

When a ban is added, changed, or deleted, invalidate the contributor
list for documents that were edited by the user. This will cause the
contributor list to be updated asynchronously, rather than waiting up to
12 hours for a refresh.
bug 1353134: Add rel=nofollow to banned user links

When linking to an inactive creator's profile page, add rel='nofollow'
to the link to suggest that search crawlers should not follow the link.
User accounts can be inactive because of a ban or account lockout.
Merge pull request #4227 from jwhitlock/banned-user-less-links-1353134

Bug 1353134: Remove or nofollow banned user links

Comment 5

a year ago
Deployed to staging and production.
Last Resolved: a year ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.