Filter open-ended K-5 project types #66614
| _, project_id = storage_decrypt_channel_id(encrypted_channel_id) | ||
| project_type = Project.find(project_id).project_type | ||
| not_found if abuse_score >= SharedConstants::ABUSE_CONSTANTS.ABUSE_THRESHOLD && !can_view_abusive_assets?(encrypted_channel_id) | ||
| not_found if profanity_privacy_violation?(filename, result[:body], project_type) && !can_view_profane_or_pii_assets?(encrypted_channel_id) |
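Review bot: `Project.find(project_id)` on the second line has no handling for a decrypted channel id that has no matching project row, and the lookup now runs on every source request before either `not_found` check. Please make the missing-project case explicit. If it falls back to a nil `project_type`, confirm that `profanity_privacy_violation?` still filters in that case rather than skipping the check, and add a test for it.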
Revert change from https://github.com/code-dot-org/code-dot-org/pull/65468/files#r2058744861
| }); | ||
| } | ||
|
|
||
| function fetchPrivacyProfanityViolations(resolve) { |
| if params[:program] && sharing_allowed | ||
| share_failure = nil | ||
| if @level.game.sharing_filtered? | ||
| project_type = 'playlab' |
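Review bot: the hard-coded `project_type = 'playlab'` inside the `sharing_filtered?` branch assumes Play Lab is the only game for which `sharing_filtered?` is true. Either derive the type from `@level` or add a comment on that line stating the assumption, so a later game that turns on `sharing_filtered?` is not silently filtered with Play Lab rules.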
The other open-ended projects geared for young users are channel-backed and filtered via call to fetchPrivacyProfanityViolations in project.js within loadProjectBackedLevel_:
molly-moen
Looks good, a couple minor questions!
| # convert to array of lines split at newline, | ||
| # strip leading/trailing whitespace from each line, | ||
| # drop any blank lines. | ||
| return stripped.gsub(/<[^>]*>/, "\n").split("\n").map(&:strip).reject(&:empty?) |
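Review bot: the tag-stripping regex `/<[^>]*>/` on the `return` line ends a tag at the first `>`, so an attribute value that contains a literal `>` (which XML permits) leaves the rest of the tag, ids included, in the output. The line also passes entity-encoded text such as `&amp;` to the filter undecoded, so the text that is checked can differ from the text that is displayed. Since the program is client-supplied, consider collecting text nodes with an XML parser instead, or add tests covering both cases.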
will this still include ids?
No, the returned string array will not include ids. XML programs can include block ids, but they're contained within the XML tag, e.g., <block type="math_number" id="fill_in_actor_qtip">, so they will be stripped.
| end | ||
|
|
||
| # Recurse into the 'next' chain. | ||
| traverse_block(block.dig("next", "block"), texts) |
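Review bot: the recursive call on `block.dig("next", "block")` makes the call depth grow with the number of sequentially chained blocks in a user-supplied program. Walking the `next` chain with a loop and recursing only into inputs would keep the depth small. Please also add a test with a long chain that checks what the caller does when traversal or parsing fails, so that an oversized program is not passed through unfiltered.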
will there always be a next?
No, there is not always a "next". I'm going to update the test to reflect that there is not always a "next". If there is no "next", then block.dig("next", "block") returns nil, and when traverse_block is called again, it will return immediately since block.is_a?(nil) will return false. Thanks!
This PR adds profanity and privacy filtering via WebPurify for projects that support open-ended text fields and are geared for young users (Sprite Lab, Poetry Lab, and Play Lab).
I reverted changes from:
- project.js for Play Lab projects, but then added Sprite Lab and Poetry Lab to the list of projects to check,
- profanity_privacy_violation in files_api when the source file is being requested.
We temporarily stopped the filtering of Play Lab project source files because of several reports from teachers that false positives were blocking projects and disrupting their classrooms. A high number of these false positives were due to the block ids which include a random sequence of ASCII characters, parts of which were being flagged by WebPurify.
To resolve this, this PR updates the find_share_failure method in share_filtering which now calls on new helper function extract_text_blockly. This function first detects whether the program is in XML or JSON format. If XML, it strips the xml tags. If JSON, field values, block inputs, comments, and variables are extracted (and block ids are not included). traverse_block is a recursive helper function that helps extract field values, comments, and input values within a Blockly 'block'.
Before update
Sprite Lab standalone project (currently program is not filtered for profanity):
before-update-spritelab-project.mov
Sprite Lab standalone activity level (currently program is not filtered for profanity):
before-update-spritelab-level.mov
Poetry Lab standalone project (currently program is not filtered for PII):
poetry-before-pii.mov
Play Lab standalone project (currently program is not filtered for profanity):
before-update-playlab-project.mov
A note that currently, Play Lab activity levels ARE being filtered. When a program is flagged, the level sources are not saved. This will be maintained:
on-prod-playlab-activity-level.mov
After update
Sprite Lab standalone project with profanity detected:
after-update-spritelab-project.mov
Sprite Lab activity level with profanity detected:
after-update-spritelab-level.mov
Poetry standalone project with PII detected:
after-update-poetry-project-pii-filtering.mov
Play Lab standalone project with profanity detected:
after-update-playlab-project.mov
Links
Testing story
- test_sources that were removed by Remove WebPurify check for Play Lab when fetching source file #65468.
- test_share_filtering for new and updated helper functions.
Deployment strategy
Follow-up work
Privacy
Security
Caching
PR Checklist:
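The JSON extraction step described in the PR summary, as an added example that is not the PR's code: it gathers field values, comments, input blocks and variable names while never reading ids, and follows `next` chains with a work list instead of recursion. The names `collect_user_text` and `hash_at`, the sample program and the Blockly JSON layout noted in the comments are assumptions.

```ruby
require "json"

# Added example, not the PR's code. Assumed Blockly JSON layout:
#   {"blocks" => {"blocks" => [block, ...]}, "variables" => [{"name", "id"}]}
#   block: "fields", "inputs" => {name => {"block"/"shadow"}},
#          "next" => {"block"}, "icons" => {"comment" => {"text"}}

# Return node[key] when it is a Hash, otherwise {} (tolerates malformed input).
def hash_at(node, key)
  value = node.is_a?(Hash) ? node[key] : nil
  value.is_a?(Hash) ? value : {}
end

# Collect user-authored strings; block and variable ids are never read.
def collect_user_text(program_json)
  # Each chained block adds two nesting levels, so JSON.parse's default
  # max_nesting of 100 would reject a stack of about 50 blocks.
  program = JSON.parse(program_json, max_nesting: 2_000)
  texts = []
  Array(program.is_a?(Hash) ? program["variables"] : nil).each do |var|
    texts << var["name"] if var.is_a?(Hash)
  end
  # Explicit work list instead of recursion: depth is not tied to the call stack.
  pending = Array(hash_at(program, "blocks")["blocks"]).reverse
  until pending.empty?
    block = pending.pop
    next unless block.is_a?(Hash)
    hash_at(block, "fields").each_value { |value| texts << value }
    texts << hash_at(hash_at(block, "icons"), "comment")["text"]
    # Push "next" first so input blocks are visited before the following statement.
    pending.push(hash_at(block, "next")["block"])
    hash_at(block, "inputs").values.reverse_each do |input|
      # A connected block replaces the shadow block in the same input.
      pending.push(hash_at(input, "block").empty? ? hash_at(input, "shadow") : input["block"])
    end
  end
  # Keep strings only: numbers and {"id" => ...} variable references are dropped.
  texts.grep(String).map(&:strip).reject(&:empty?)
end

# Constructed sample program; the ids are made-up random-looking strings.
SAMPLE = <<~'JSON'
  {"blocks": {"blocks": [
    {"type": "say", "id": "q7Zt1_x", "fields": {"TEXT": "hello world "},
     "inputs": {"VALUE": {"block": {"type": "text", "id": "Xk2pL9", "fields": {"TEXT": "my cat"}}}},
     "icons": {"comment": {"text": "greets the player"}},
     "next": {"block": {"type": "say", "id": "m0Rr4v", "fields": {"TEXT": "bye", "NUM": 3}}}}
  ]}, "variables": [{"name": "score", "id": "v9Yc3a"}]}
JSON
```

`collect_user_text(SAMPLE)` returns the variable name first, then each block's text in document order, with none of the four ids present.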