search

bluesky-social / social-app

The Bluesky Social application for Web, iOS, and Android
https://bsky.app
MIT License
8.27k stars 1.11k forks source link

Prevent Bogus Link Embed Cards being generated #5525

Open SpriterGors opened 11 hours ago

SpriterGors commented 11 hours ago

Is your feature request related to a problem? Please describe.

Currently, when you paste a URL on the post composing box, a link embed card is generated automatically, which can be useful for easier linking.

However, this also happens when you type text that could be interpreted as a URL, meaning bogus link embed cards get generated. For example:

  1. Composing a text with a misspelling converts it to link embed card automatically. Notice it displays an Error Captura de tela 2024-09-28 103323

  2. Deleting the link embed card still keeps the bogus link clickable Captura de tela 2024-09-28 103305

  3. Post with misspelled text generated as link and displating link embed card Captura de tela 2024-09-28 103131

  4. The original post that made me research this behavior further. The poster wanted to say "Appealing, so" but made a misspelling (presumably "appealing.so"), corrected it but the bogus link embed card remained in the post. Captura de tela 2024-09-28 103436

Describe the solution you'd like

More obvious controls when link embed cards are generated, and when they are generated.

Describe alternatives you've considered

Editing the text to erase the bogus link should also remove the embed; Prevent generation of such links when it detects Errors.

Additional context There are other issues pertaining to link embed card behavior, but this one is caused by honest mistakes during common communication (no copy and pasting of links are actually involved). This could be exploited by bad users who can fashion malicious URLs that are easier to be typed during conversation via accident.

surfdude29 commented 10 hours ago

I agree that this is a problem as I've seen this happening quite a few times.

For example 2, however, since .so is a valid ccTLD (for Somalia), hello.so is a valid possible domain name (without getting into the specifics of what domain names the .so registry allows).

So even though examples like that might be annoying, I'm not sure what a better result in that case would be, as being able to link to websites by just typing the domain name – without having to include https:// – is a very useful feature.

For link cards, I can think of one straightforward fix which would hopefully be easy to implement: if a user types or pastes a link and Error: Unable to generate link preview is encountered because the website is not an actual website (or there's some other issue), the link card should automatically be deleted after a short delay (maybe 2 seconds?)

SpriterGors commented 8 hours ago

I agree that example 2 specifically is a tough nut to crack, but I do believe that most people notice they typed an "accidental link" the moment the link embed card appears, and correct right away (as per example 4).

The bulk of the problem to me is that even when they correct the typo, the card remains, which could be frustrating to users who managed to fix the text but still got the link on it anyway (which happened in example 4)

For link cards, I can think of one straightforward fix which would hopefully be easy to implement: if a user types or pastes a link and Error: Unable to generate link preview is encountered because the website is not an actual website (or there's some other issue), the link card should automatically be deleted after a short delay (maybe 2 seconds?)

I like this idea, it would help reduce the number of such cards