1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Duplicate Censor super fail with formated banned words

Discussion in 'Resolved Bug Reports' started by XxUnkn0wnxX, Jun 23, 2014.

  1. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    i have banned most/all words and yet they still find ways to bypass it by using the bold tags

    [ b ] [ /b ]

    or any tags like the url one:

    thats just so sad :(

    and i don't even know how i would censor that

    would i place the bold tags around the f and the rest lower case?
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    This is impossible to deal with programmatically as the combinations are unlimited.

    You will need to deal with it via moderation, disciplining those who deliberately bypass the censor.
     
    Amaury likes this.
  3. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    cant a rule be added in or a better filter? to censor words out no matter what format they are in?
     
  4. Jeremy

    Jeremy XenForo Moderator Staff Member

    It is programmatically impossible to do that.
     
    Amaury likes this.
  5. CyclingTribe

    CyclingTribe Well-Known Member

    Couldn't you simply parse the content with all BBCode elements removed to catch profanity?
     
  6. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    well i'm unsure how to do that.. but i prefer to let users to customize there text within the forums and shoutbox if i just strip it away then users will find my site less creative.
     
  7. Jeremy

    Jeremy XenForo Moderator Staff Member

    There are a myriad of ways that do not involve BBCode that allows you to get around the censor.

    It really isn't plausible to cover every possible case that could get around it.
     
    Amaury likes this.
  8. CyclingTribe

    CyclingTribe Well-Known Member

    Really? Like what?

    My understanding is that all formatting in the XF editor uses BBCode (although I've never allowed HTML so that's possibly a different ball game).

    I'm not suggesting it would be efficient to parse the content twice (to strip the BBCode and censor check) - but it does make a mockery of the current implementation when all you need to do to circumvent the filter is select one character in your swear word and change the colour to black!

    Cheers,
    Shaun :D

    Note: Being "good" I decided against demonstrating the above ... but it was very tempting ... :LOL:
     
    Martok likes this.
  9. Brogan

    Brogan XenForo Moderator Staff Member

    Spaces. Full stops. Replacing letters with numbers.
    Plus numerous other ways.
     
    Amaury likes this.
  10. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    then what is the whole point of the censor feature if its not very effective?

    why not spend more time into and make it smarter maybe make it think for its self and allow it to scan each phrase and determine wither to censor it or not no matter what the formatting is or how many spaces it has. maybe link it to a words list or dictionary if that will help to censor all possible ways that word can be represented. or a txt/feed that xenforo staff/members keep updating and users just subscribe to it and the word list keeps updating every x many hours.

    like an ad blocker works you subscribe to a filter list and it gets updated every x many days with new rules
     
  11. Brogan

    Brogan XenForo Moderator Staff Member

    If you think you can write code to account for every possible combination and permutation, feel free to give it a go.
     
    Amaury likes this.
  12. Martok

    Martok Well-Known Member

    I completely agree that this sort of thing to bypass the censor comes down to moderation. I also completely understand that programmatically there is no way that you could make the word censor work for all possibilities. It would be nice though if the developers could add the possibility of parsing the content with the BB Code elements removed to catch the incidents mentioned. Of course if it's too resource-intensive then that's a fair enough reason not to do this.
     
    Amaury likes this.
  13. Mike

    Mike XenForo Developer Staff Member

    Frankly, something like that will never meet performance requirements.

    Just like you need to enforce other rules through a human, you need to handle censor avoidance in the same way. For someone to go down that route, you know that they are intentionally trying to avoid the automated censor -- the tool you set up to show them that the behavior isn't acceptable. That should be a pretty clear indication (to them) that they're doing something undesirable on your forum.
     
    Steve F, Amaury and Martok like this.
  14. CyclingTribe

    CyclingTribe Well-Known Member

    Ah, okay, well I agree on the replacement character issue - definitely not something you can program for - but BBCode "breaking" XFs built-in censor does seem like something that could be improved upon at some future point (suggestion). ;)

    Cheers,
    Shaun :D
     
  15. Martok

    Martok Well-Known Member

    I wouldn't call it "breaking" the censor any more than replacing an i for a 1 in the 'S' word or adding a '.' into a swear word. Words that are completely wrapped in BB Code are still filtered correctly, it's only when someone emboldens a single letter or colours part of the word or something similar that the censor doesn't filter the word. So, if 'banana' is a banned word:

    These would be filtered:
    banana
    [B]banana[/B]
    [COLOR=#ff4d4d]banana[/COLOR]

    These wouldn't be filtered:
    ban.ana
    bannana
    [B]b[/B]anana
    [COLOR=#ff4d4d]ban[/COLOR]ana

    As has been said, someone has deliberately avoided the censor to use any of the latter and so should be dealt with accordingly.
     
    Amaury and Steve F like this.
  16. CyclingTribe

    CyclingTribe Well-Known Member

    Sure, and I agree that character replacement / fudging cannot be programmed for - but you can currently "break" the filter simply by colouring a single character:

    Type the F-word - select any single letter - click the colour drop-down and select black - and "Hey presto!!" your swear word gets a free pass! Simples!! :p

    Now if XF stripped the BBCode and parsed the barenaked content then it would catch a few more of these types of attempt to swear and it would be an improvement over the current implementation; not a cure, of course, but an improvement. ;)

    Having said that, if such an improvement is not viable because stripping the BBCode would be intensive (and overkill for the limited few attempts to circumvent the filter with BBCode), then so be it. :D

    And if anyone doesn't agree with me they can @#!? .... :ROFLMAO:
     

Share This Page