Ignore bad messages instead of sanitizing them

[deansheather]

Sanitizing messages has done more harm than good, with bots being exploited to spam many servers and raids occurring all over discord because of this relatively newly documented "feature".

I propose that Discord return a 400 response when messages that require sanitization are attempted to be sent, instead of mutating the message and sending it anyways. This would prevent clients (such as bots) being abused into sending strings that appear on their end to be "safe" but instead contain a string that gets sanitized to become @everyone.

This change would not be backwards compatible, but would only impact users that seek to abuse the platform to raid servers.

It's unreasonable for Discord to say "it's just the bot's fault" and do nothing about it when the bug has caused at least 2 major bots (including 1 partnered) in the past week to be used in raids that affect many servers.

[0w0u]

it's just the bot's fault

[nzkdevsaider]

it's just the bot's fault

[resynth1943]

To be fair though, you'd think Discord would document how they process messages server-side. In saying that, I'm really not sure how much of the Tatsumaki issue is Discord's fault, as it's common for people in their position to shirk responsibility when something like this happens.

[Lilwiggy]

Discord does document how they handle the message sanitation with recommendations on how to fix it but it's still causing more harm than good I agree.
https://discordapp.com/developers/docs/resources/channel#create-message

[SyntaxDragon]

honestly even if its 'it's just the bot's fault' why not just implement something to prevent this even if the bot is supposedly in fault or charge in preventing this, not every developer would actively bother to make sure their code will not be exploited in @everyone raids especially since it gets harder as its the bot against millions

[deansheather]

The only recommendation is remove @ symbols:

Discord may strip certain characters from message content, like invalid unicode characters or characters which cause unexpected message formatting. If you are passing user-generated strings into message content, consider sanitizing the data to prevent unexpected behavior. For example, to prevent unexpected mentions you could consider stripping @ characters or placing a zero-width space (U-200B) after them.

Even if they documented all of the things they did in detail, thousands of bots would still be affected because they wouldn't be aware of it. Messages should not be mutated by the server to make them conform to Discord's rules, they should instead be rejected outright to prevent issues like this from affecting hundreds of thousands of users.

EDIT: Putting a zero-width space after the @ sign isn't good enough because it will still get stripped if the message contains enough unicode symbols to get sanitized. I'm not a tatsu developer but the commands seem to include a ZWSP already.

[rxdn]

#1241

[samsamson33]

Wouldn't it be fine to just not sanitize bot messages? The reason cited in the docs is "unexpected message formatting", so if it's just about use experience, why not just leave that santization to the bot devs?

[cyyynthia]

To make the change non-breaking, Discord could also allow a new field "sanitize" in message create payload, that'd default to true, and when set to false would reject messages that requires to be sanitized.

It'd then be non-breaking while still letting bot developers use this new field to protect their bots from being abused, protecting users. People can argue it's up to the bot devs to sanitize, but Discord's behaviour is not clearly documented and you can also argue that server admins should not give at everyone permission to bots in the first place.

[mikeshardmind]

#1189 #1193

By changing messages without a documented set of actions, you expose users to unexpected behavior they cant properly handle While this is currently being abused for everyone mentions, it is neither the users nor the bot developers at fault. Many bots should have mention perms because they are used to manage announcements. Discord is exposing people to sanitization vulnerabilities in a misguided effort to not handle problematic Unicode. It's been said before and will continue to happen. I don't expect discord to fully support all of Unicode, but don't silently change messages; Actively reject "bad" messages instead.

[Aberrantfox]

Or maybe provide a secondary means to send messages called safeSend which will under no circumstances contain a ping. However discord wants to implement that would be up to them but it would be much easier for Discord to implement that rather than us having to do the character dance.

edit: big thumbs to @Bowser65's suggested solution as well (it's basically the same thing and I would be happy with either)

[Skillz4Killz]

If someone needs a workaround in the meantime. Send the message as an embed. Any mentions inside an embed do not send pings.

[diamondburned]

Go's implementation of escaping: https://gist.github.com/diamondburned/74c7a229be6e43cd8bd0b05ddb7d529b

[resynth1943]

I don't think the above suggestion made by @Aberrantfox is a very good one. The original idea by @Bowser65 is a much better one.

[jagrosh]

Considering that 95% of bot developers never want their bot to send @ everyone anyway, a bot-wide option would be a simple (from bot/library devs perspective) and non-breaking fix.