Check blocked words against alphabet case-insensitively

[aradalvand]

The blocklist should be treated case-insensitively, which it is in isBlockedId:

sqids-spec/src/index.ts

Lines 310 to 311 in 2127f4d

	private isBlockedId(id: string): boolean {
	id = id.toLowerCase();

...but not in the constructor during the "cleanup" of the blocklist. If you have an alphabet like this (only uppercase letters):

ABCDEFGHIJKLMNOPQRSTUVWXYZ

The logic for cleaning up the blocklist in the constructor will remove the entire blocklist:

sqids-spec/src/index.ts

Lines 49 to 63 in 2127f4d

	// clean up blocklist:
	// 1. all blocklist words should be lowercase
	// 2. no words less than 3 chars
	// 3. if some words contain chars that are not in the alphabet, remove those
	const filteredBlocklist = new Set<string>();
	const alphabetChars = alphabet.split('');
	for (const word of blocklist) {
	if (word.length >= 3) {
	const wordChars = word.split('');
	const intersection = wordChars.filter((c) => alphabetChars.includes(c));
	if (intersection.length == wordChars.length) {
	filteredBlocklist.add(word.toLowerCase());
	}
	}
	}

Specifically because of this:

3. if some words contain chars that are not in the alphabet, remove those 

And more specifically this part

sqids-spec/src/index.ts

Line 58 in 2127f4d

const intersection = wordChars.filter((c) => alphabetChars.includes(c));

Where includes is doing case-sensitive comparisons.

This means you could end up with IDs that contain profanity, e.g. FUCK, BITCH, SEXY, etc.

I haven't added tests yet because I want the bug to be acknowledged first.

[4kimov]

Bug indeed acknowledged, well done! Let me add a test for my own sanity check.

[4kimov]

@aradalvand Thoughts on 02d6116 testing for this?

[aradalvand]

@aradalvand Thoughts on 02d6116 testing for this?

Yeah it's good. I'll update sqids-dotnet accordingly.

[4kimov]

Good. Thank you for the nice catch! 💪
I'll update as many as I can + create issues for others.