-3

I have a booking website like AirBnB and my users can exchange message between each other in my website.

I would like to block my users from exchanging telephone number and email address in these messages.

The way I am using is to look for 4 numeric digits together or @ and delete these before it sends the message.

Please, is there a better way to do it?

Thanks.

DevRenanGaspar
  • 373
  • 1
  • 2
  • 12
  • 2
    Users will always be able to easily circumvent this. If you block numbers in the form `555-1234`, users will type `5 5 5 - 1 2 3 4` or `"five five five, one two three four"`. The "better way" might be to block users from direct communication. – user229044 Jan 10 '19 at 14:46
  • I know, but would be nice if I could try to hold them as much as possible. – DevRenanGaspar Jan 10 '19 at 14:47
  • 2
    so get a regular expression and filter it out on submit on the server, but people will get around it with foo[at]example[dot]com and other millions of ways. It should be done on the serverside and not in the clientside. – epascarello Jan 10 '19 at 14:47
  • https://stackoverflow.com/questions/3303184/how-to-remove-email-addresses-and-links-from-a-string-in-php and https://stackoverflow.com/questions/10141295/ultimate-way-to-find-phone-numbers-in-php-string-with-preg-replace (amazing what you find with two searches) – epascarello Jan 10 '19 at 14:48
  • Epascarello, I did a lot of research before posting this as I always do. But unfortunately I couldn't phrase it in a way to find a solution. Thanks for the links. – DevRenanGaspar Jan 10 '19 at 15:01

2 Answers2

2

Ah, phone number detection.

The short answer: Fairly easily

The longer answer: No

The issue with phone number detection, is there's a lot of ways to express phone numbers.

  • I can't type 1 (800) 111 2222? What about 1-800-111-2222, and additional variants?
  • You're catching numbers? What about one eight hundred one hundred and eleven twenty two twenty two1
  • What about both? one 800 1one1 two222
  • What about foreign numbers? + 64 3 477 4000
  • What about images? Links to images?

Long story short, language is difficult and users are smart. Check out these for a bit of fun on the complexity of input/output for this kind of data: https://i.stack.imgur.com/EDwUa.jpg

Good luck.

syntaqx
  • 2,636
  • 23
  • 29
  • Thanks mate, I had searched before, but couldn't find this "Fairly easily" solution. This solves my problem, I will accepts your answer as soon as Stack allows me. – DevRenanGaspar Jan 10 '19 at 14:56
0

Use regex.

var phoneRegex = /[\+]?[(]?[0-9]{3}[)]?[-\s\.]?[0-9]{3}[-\s\.]?[0-9]{4,6}/im;
var emailRegex = /(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))/;

if(phoneRegex.test(content) || emailRegex.test(content)) 
    blockUser(); // do whatever is necessary to block the user
Mystical
  • 2,505
  • 2
  • 24
  • 43
  • 1
    Thanks, I will use it. – DevRenanGaspar Jan 10 '19 at 14:56
  • This is not really solvable via regex. As an example a (say) UK number will trivially pass that phone regex because it would start with +44 (UK country code). Even if people are disallowed from using the pattern you've given here they'd just break it up differently by adding spaces dots or even letters that the regex doesn't match. So you either end up with a regex that is useless and/or frustrates users or you go on an arms race to try and blacklist everything. This is a loss to both you AND the users. – VLAZ Jan 10 '19 at 14:56
  • @vlaz It is very hard to counter that in any situation, but this is a good way to start. People will always find a workaround around no matter how many precautions you take, and it's just that. – Mystical Jan 10 '19 at 15:00
  • 1
    I agree, those who really want to go around, will do it. But at least, some of them will just accept they should not do it. Better to block some of them, instead of no one. – DevRenanGaspar Jan 10 '19 at 15:03
  • I disagree - it's not a good start, because there is no good outcome. Users are frustrated and your effort is either fruitless or grows exponentially harder and harder to revise and maintain. In this situation everybody loses. – VLAZ Jan 10 '19 at 15:04