search

iamysko / cds

Discord bot based on Spring Boot. Implements JDA Discord API wrapper.
Apache License 2.0
9 stars 6 forks source link

RDSS linked evidence precaution #142

Open 1Blindy opened 2 years ago

1Blindy commented 2 years ago

This feature request for RDSS is not really related to a problem but would be preferred for moderator safety with RDSS ban approvals linking Roblox phishing links along with other phishing links of sorts.

I would like to see RDSS ban approvals contain links/the evidence in `` ('https://www.roblox.com/home'). Reasoning behind this is concern of a moderator miss-click which could cause a moderators account and/or personal information to become compromised.

image RoModerator already has this as an action when banning users with the evidence.

image

I have considered making a pull request for this myself however my knowledge is not quite there yet to do this myself and still learning.

raretendo commented 2 years ago

The markdown features of the originating ban request can be retained, as they are removed in the code, so that the phishing links aren't able to be clicked. However, RoMod also applies the same markdown feature which can yield unusual results and causing the link to be clickable again, like so:

Originating ban request evidence: AUTOMATED BAN REQUEST BY FILTER: <https://roblox.com> What is displayed in RoMod's success message: AUTOMATED BAN REQUEST BY FILTER:https://roblox.com/``

This is also seen when automatic mutes are executed. There are ways we can prevent the link from being clickable in the success reason, for example by adding a backtick at the beginning, but if you were to ever bring up that particular infraction, you can see that the link is still clickable, like so:

Originating ban request evidence: AUTOMATED BAN REQUEST BY FILTER: <https://roblox.com> What is displayed in RoMod's success message (after prepending a backtick in the evidence): AUTOMATED BAN REQUEST BY FILTER: `<https://roblox.com> Output when displaying evidence for that particular infraction: AUTOMATED BAN REQUEST BY FILTER:https://roblox.com`

Ultimately, the best solution would be if RoMod would remove any other markdown formatting features from the evidence then RDSS can retain the markdown formatting of the originating ban request.

However, my thoughts about it are that I'm not sure it is necessary because discord will prompt you with a confirmation if you want to visit that website for domains you have not shown trust for. What's real and what's a phishing link is pretty easy to discern and even then, clicking a phishing link doesn't do much unless you enter your account information on the site