Closed
Bug 928128
Opened 11 years ago
Closed 10 years ago
Don't allow URLs in collection descriptions
Categories
(addons.mozilla.org Graveyard :: Collections, enhancement, P1)
addons.mozilla.org Graveyard
Collections
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jorgev, Assigned: vagnano)
Details
(Whiteboard: [contribute][spampocalypse])
We're getting a ton of collection spam, most of which are empty collections with URLs in the description. Now allowing descriptions with URLs might discourage spammers from doing this.
Comment 1•11 years ago
|
||
I think we can disable links without disabling all HTML. Pretty sure it's just a flag in the code. There are probably good examples.
Severity: normal → enhancement
Priority: -- → P3
Whiteboard: [contribute]
Reporter | ||
Updated•10 years ago
|
Whiteboard: [contribute] → [contribute][spampocalypse]
Reporter | ||
Comment 2•10 years ago
|
||
Spam is becoming a major problem and time sink for us (me, particularly), so I'm making this a P1.
Priority: P3 → P1
Comment 3•10 years ago
|
||
I took a stab at this bug: https://github.com/mozilla/zamboni/pull/1665.
Comment 4•10 years ago
|
||
What HTML are we actually allowing in the description field? I have tried some common ones but it doesn't seem to get rendered.
Reporter | ||
Comment 5•10 years ago
|
||
If it uses the same options as the add-on description field, it would support things like <b>, <code>, <ul>, and <ol>. It might be that it only allows text and automatically linkifies things it recognizes as URLs.
Comment 6•10 years ago
|
||
Yeah from what I can tell I think it is the latter (only allowing text but linkifies URLs). In this case would the best course of action be to just disable the linkifying or should we have the field support other HTML tags (but not links)?
Reporter | ||
Comment 7•10 years ago
|
||
It should be text only. We should definitely remove the linkifying and I would go even further and just remove any URLs from the text. Having text URLs might still motivate spammers.
Comment 8•10 years ago
|
||
Just a thought: if the aim is to discourage spammers, shouldn't we just prevent collections from being posted if they contain urls (with markup, or just text URLs)? We could have a form validation, and if there's an URL, display an error message warning that they're not allowed. This way, automated spam won't work at all, and real humans trying to create a collection will be warned and have a chance to correct the description. I believe we could keep simple markup though, as for the add-on description field. Thoughts?
Comment 9•10 years ago
|
||
(In reply to mathieu from comment #8) > Just a thought: if the aim is to discourage spammers, shouldn't we just > prevent collections from being posted if they contain urls (with markup, or > just text URLs)? I think so. If I'm understanding correct, I think that's what Jorge's saying in comment 7.
Reporter | ||
Comment 10•10 years ago
|
||
My suggestion was to strip URLs from descriptions, but preventing their creation is also a good solution. Just make sure that the auto-linkification code is also removed, since there are many spam collections still present on the site.
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → vagnano
Comment 11•10 years ago
|
||
I'm implementing a way to forbid creating collections with links: trying to submit a collection with a link in its edit form's description will raise a form validation error, asking the user to modify the input. Even if, for some reason, the link and markup can make their way to the database, before being stored, the markup will be escaped, and the links removed. So no new collection will have links, and markup will be escaped. However, how should we deal with existing collections with links in their description? I could simply strip the links when displaying the description, but that would be the case for everybody, not only spammers. If you had a perfectly valid description before the patch, it will be displayed stripped out of its links (URLs and text links). Here's an example of what I mean: Before: 'This is my favorite collection from <a href="http://example.com">my best friend</a>.' After: 'This is my favorite collection from .'
Comment 12•10 years ago
|
||
Can't we strip tags? Turning it into "This is my favorite collection from my best friend."
Comment 13•10 years ago
|
||
That would still leave us with the issue when the inner text is itself a link (Jorge asked to remove all kind of links, with or without markup). So that would change '<a href="http://example.com">http://example.com</a>' into 'http://example.com'
Reporter | ||
Comment 14•10 years ago
|
||
(In reply to mathieu from comment #13) > So that would change '<a href="http://example.com">http://example.com</a>' > into 'http://example.com' That's fine with me as long as it isn't shown as a link. The ones that are spam we can delete later.
Comment 15•10 years ago
|
||
fixed in https://github.com/magopian/zamboni/commit/2aabf985779fb4d415697cbab4af8bbbc98cc6fd
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•