Continuing the discussion from Inappropriate / Obscenity / Profanity Language Filter:
So the profanity filter works well … not that we see it used often.
But is there a way to add regex/patterns so it could block people from putting an email address in a post?
That would be extremely dangerous, though.
“Extremely dangerous” is a strong phrase. Can you say more about why you feel that way?
Regex is like a language unto itself. Even a lot of seasoned programmers have trouble with it.
Using it requires not only understanding every possible variation you want to match, but also every possible variation you want to not match.
A lot of people do fairy well with the first, but fail with the second.
For example, using
(.)* matches everything, anything, and nothing.
I see it used way too often as a “short cut” to get things to match, but unfortunately it often results in matching what it shouldn’t.
I guess if it were under the “developers only” section it might be enough to scare off Admins that shouldn’t mess with it. But human nature being what it is, give out loaded guns and it’s only a matter of time before someone shoots themselves in their foot.
And as for a valid email regex, it is notoriously difficult to craft a fool-proof one. Many come close and are “good enough” but without additional processing there will likely be problems at some point.
Fair enough, but the filter already exists in Discourse, even if you aren’t using it personally. Also, keep in mind (in response to your blog post) that the Discourse filter doesn’t replace strings, it masks them with squares.
Regexes are inherently difficult, so I’m not necessarily proposing that you ask everyday users to use them as the mainstream use case. The current system works fine for most cases, but there’s no way to surefire way prevent people from posting most common email addresses. (I am not interested in the debate on the “perfect” email regex.)
Meanwhile, I’m simply blocking some of the most common domain names like
I am not interested in letting perfect get in the way of good here. Just trying to prevent the most common occurrences.
Actually, last I knew it replaces the characters with the box decimal value
eg. blocking “@gmail.com”, “email@example.com” would look like
and the source would be
That is what I meant when I finished the sentence with:
Forgive my error of specificity. What I meant was that it doesn’t replace it with other letters to change the word, as described in the blog post above.
So, I’m interested in preventing people from sharing their email address in public discussions in our community, for the sake of their privacy (perhaps some people don’t realize, despite our best efforts, that the discussions are public?).
Would this be suitable? Or would it have significant risks I am not appreciating?
All regexes carry huge risk, the more broad, the more risk. Those are… quite risky.
My naive hope would be that the “@” and the inclusion of top level domains would narrow it down to just email addresses. Is there no way to target these?
*.?@gmail.com would be significantly safer. Ideally I would say word characters only not asterisk (all chars) too.