mysociety / alaveteli

Provide a Freedom of Information request system for your jurisdiction
https://alaveteli.org

Additional validation step for previewed correspondence content #4792

Open RichardTaylor opened 5 years ago

RichardTaylor commented 5 years ago

Keep a request in "preview" and don't show the "send and publish" button if certain terms are present in the proposed text.

This could operate like the technically enforced rule on mixed case content in request bodies and titles/subjects.

This feature could be used to help tackle abuse and spam.

Users should be given a generic error message, rather than one that prompts them on how to evade the feature. Error message should invite those who feel their request has been blocked inappropriately to contact the admin team.

garethrees commented 5 years ago

> Users should be given a generic error message, rather than one that prompts them on how to evade the feature.

What phrasing did you have in mind here?

> Error message should invite those who feel their request has been blocked inappropriately to contact the admin team.

We'd end up losing the request here, I think, as I'm pretty sure that we don't save the InfoRequest record until the user clicks "Send and Publish". I think working around this would be difficult (allowing a request to be saved but "unsent") but just noting the issue for consideration.

RichardTaylor commented 5 years ago

As I envisaged the feature being used to tackle spam and abuse, not storing the draft request shouldn't be a blocker, though we shouldn't suggest the request has been saved.

I suggest the feature could operate in exactly the same way as the enforcement of mixed case, and the requirement for a signature.

The wording (which hopefully no genuine users would ever see) could be something like:

> This request has been blocked by our system. If you think this has been done in error please contact us including a copy of the message you were trying to send.

Possibly related: #3387
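
One way the check proposed above could work, as an added example that is not Alaveteli's code or taken from any linked pull request. It is plain Ruby with no Rails dependency, and the class, method names and term list are hypothetical.

```ruby
# Added example; class, method and term names are hypothetical.
class BlockedTermCheck
  # Wording proposed in the thread. It never names the term that matched.
  GENERIC_ERROR = 'This request has been blocked by our system. If you ' \
    'think this has been done in error please contact us including a ' \
    'copy of the message you were trying to send.'

  Result = Struct.new(:errors) do
    # The "send and publish" step is only offered when this is true.
    def sendable?
      errors.empty?
    end
  end

  # terms: admin-maintained list; log: anything responding to <<
  def initialize(terms, log: [])
    @log = log
    # Whole words or phrases only, so "loan" does not block "Loanhead".
    @patterns = terms.map do |term|
      [term, /(?<![[:alnum:]])#{Regexp.escape(normalise(term))}(?![[:alnum:]])/]
    end
  end

  def check(title:, body:)
    text = normalise("#{title}\n#{body}")
    hits = @patterns.select { |_term, re| re.match?(text) }.map(&:first)
    return Result.new([]) if hits.empty?

    # Admins can see what matched; the user only gets the generic message.
    @log << "blocked-term match: #{hits.inspect}"
    Result.new([GENERIC_ERROR])
  end

  private

  # Fold compatibility forms (fullwidth letters etc.), case and whitespace
  # so trivial respellings of a term still match.
  def normalise(text)
    text.unicode_normalize(:nfkc).downcase.gsub(/\s+/, ' ').strip
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample terms and request text.
  check = BlockedTermCheck.new(['cheap pills', 'loan'], log: $stderr)
  r = check.check(title: 'Hello', body: "Buy ＣＨＥＡＰ \n Pills today")
  puts r.sendable? ? 'preview: may send' : r.errors
end
```

Keeping the matched term in the admin-side log only is what lets the user-facing message stay generic while still giving the admin team something to act on when a blocked user gets in touch.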

garethrees commented 5 years ago

Implemented a similar hack to this in https://github.com/mysociety/whatdotheyknow-theme/pull/512