Labels Milestones

New Issue

Generate clean slugs #228

Open

by roipoussiere opened 3 years ago · 5 comments

roipoussiere commented 3 years ago (Migrated from github.com)

Owner

When we create a new blog, a slug is created (ie. My blog becomes myBlog).

To avoid characters encoding, this slug should not contains special characters:

Slugs may be entirely lowercase, with accented characters replaced by letters from the English alphabet and whitespace characters replaced by a dash or an underscore to avoid being encoded. Punctuation marks are generally removed, and some also remove short, common words such as conjunctions.
Wikipedia

For instance, the blog title Blog de Nathanaël becomes ~BlogDeNathanaël, so the url is encoded to
https://fediverse.blog/~/BlogDeNathana%C3%ABl/ which is hard to read for a human.

Also, is easy to spoof an identity by using a title with similar letters (for instance 𝖻а𝗍 looks identical to bat, but uses 3 other different characters)... and there are 337,968,125,414,970,750,000,000 ways to write my blog name using utf-8 confusable characers. ;)

By convention, most slugs uses hyphen-separated lowercase words.

When we create a new blog, a slug is created (ie. `My blog` becomes `myBlog`). To avoid characters encoding, this slug should not contains special characters: > Slugs may be entirely lowercase, with accented characters replaced by letters from the English alphabet and whitespace characters replaced by a dash or an underscore to avoid being encoded. Punctuation marks are generally removed, and some also remove short, common words such as conjunctions. [Wikipedia](https://en.wikipedia.org/wiki/Clean_URL#Slug) For instance, the blog title `Blog de Nathanaël` becomes `~BlogDeNathanaël`, so the url is encoded to `https://fediverse.blog/~/BlogDeNathana%C3%ABl/` which is hard to read for a human. Also, is easy to spoof an identity by using a title with similar letters (for instance `𝖻а𝗍` looks identical to `bat`, but uses 3 other different characters)... and [there are 337,968,125,414,970,750,000,000 ways to write my blog name using utf-8 confusable characers](https://unicode.org/cldr/utility/confusables.jsp?a=blog+de+nathanael&r=None). ;) By convention, most slugs uses hyphen-separated lowercase words.

👍 1

elegaanz commented 3 years ago (Migrated from github.com)

Owner

By convention, most slugs uses hyphen-separated lowercase words.

That's what we are doing for articles slugs, but as blogs slugs are also used as ActivityPub actor name, I prefer to have them CamelCased (if we allow to mention blogs in articles in the future for instance, it will be more coherent with usernames that rarely contains hyphens as spaces).

> By convention, most slugs uses hyphen-separated lowercase words. That's what we are doing for articles slugs, but as blogs slugs are also used as ActivityPub actor name, I prefer to have them CamelCased (if we allow to mention blogs in articles in the future for instance, it will be more coherent with usernames that rarely contains hyphens as spaces).

elegaanz commented 3 years ago (Migrated from github.com)

Owner

I think I will open a debate on Loomio for this issue, because even if I agree that we shouldn't make it easy to do phishing or to impersonate someone else, I don't think we can really use something like punnycode, or create something to transform non-ascii characters to ascii. I feel like we should take the risk to have impersonation/phishing but I don't know if it is actually a good idea.

I think I will open a debate on Loomio for this issue, because even if I agree that we shouldn't make it easy to do phishing or to impersonate someone else, I don't think we can really use something like punnycode, or create something to transform non-ascii characters to ascii. I feel like we should take the risk to have impersonation/phishing but I don't know if it is actually a good idea.

elegaanz commented 3 years ago (Migrated from github.com)

Owner

Here is the Loomio discussion: https://framavox.org/d/d5P7oepg/slugs

Here is the Loomio discussion: https://framavox.org/d/d5P7oepg/slugs

elegaanz commented 2 years ago (Migrated from github.com)

Owner

This algorithm may be usefull to solve this issue in way that both avoid security issues, and allows for characters outside of ASCII: https://wiki.mozilla.org/IDN_Display_Algorithm

This algorithm may be usefull to solve this issue in way that both avoid security issues, and allows for characters outside of ASCII: https://wiki.mozilla.org/IDN_Display_Algorithm

👍 2

thorsten-panknin commented 2 years ago (Migrated from github.com)

Owner

It's relevant for German, too. We have umlauts äüö and the ß.

It's relevant for German, too. We have umlauts äüö and the ß.

👍 2

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

DearRude/force-lang

RAOF/fix-arm64-build

clippy

drone-ci

epsilon-phase/authorized-fetch

feature/ldap

fix-mobile-margin

floreal/translations-update

go/async

igalic/feat/custom-fairing-domains

igalic/go/async-all-mut

improve-the-editor-once-again

ldap-non-anon

main

missing-docs

remove-dup-images

signature

test/dotenv_error

upgrade

v0.7.0

0.2.0-alpha-1

0.3.0-alpha-2

0.4.0-alpha-4

0.5.0

0.6.0

Labels

Apply labels

Clear labels

A: API
Related to the REST API A: Backend
Code running on the server A: Federation
Stuff related to Federation A: Front-End
Related to the front-end A: I18N
Translations, and related code A: Meta
More about project management or code than the project itself A: Security Build
The building, or installation process of Plume C: Bug
Something isn't working C: Discussion
We need to talk C: Enhancement
New feature or request C: Feature
This is a new feature Compatibility
Compatibility with different browsers, readers and OS Dependency
Related to an external package that Plume uses Design
UI/UX related issues and PRs Documentation Good first issue
Good for newcomers Help welcome
Extra attention is needed Mobile
Issues affecting only mobile UX Rendering
How elements're rendered out for the end user S: Blocked
Something else needs to be fixed first S: Duplicate
This issue or pull request already exists S: Incomplete
This PR is not complete yet S: Instance specific
Issues concern a limited number of instances S: Invalid
This doesn't seem right S: Needs Voting/Discussion
Need to be discussed by the community (on Loomio) S: Ready for review
This PR is ready to be reviewed Suggestion
Proposed ideas worth considering S: Voted on Loomio
This is issue has been created after a vote on Loomio S: Wontfix
This will not be worked on

No Label A: API A: Backend A: Federation A: Front-End A: I18N A: Meta A: Security Build C: Bug C: Discussion C: Enhancement C: Feature Compatibility Dependency Design Documentation Good first issue Help welcome Mobile Rendering S: Blocked S: Duplicate S: Incomplete S: Instance specific S: Invalid S: Needs Voting/Discussion S: Ready for review Suggestion S: Voted on Loomio S: Wontfix

Milestone

Set milestone

Clear milestone

No items

No Milestone

1.0

Assignees

Assign users

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview

Loading…

Cancel

Save

There is no content yet.