Skip to content

Releases: Blaspsoft/blasp

v4.0.1

Choose a tag to compare

@deemonic deemonic released this 27 Mar 07:02
e0a2ea5

Bug Fixes

  • Invisible Unicode bypass: Strip \p{Cf} format characters (zero-width spaces, invisible separators) from input before processing, so profanity like f⁣uck (with U+2063) is correctly detected
  • Asterisk censoring bypass: Add * as a universal letter substitution so censored profanity like f*g, s**t, f**k is detected
  • Internal masking: Use \x01 instead of * for internal masking during detection loop to prevent re-matching masked text
  • Null safety: Guard against preg_replace returning null on malformed UTF-8 input

v4.0.0

Choose a tag to compare

@deemonic deemonic released this 26 Mar 12:51
a6758c9

Blasp v4.0.0

A ground-up rewrite with a driver-based architecture, severity scoring, and deep Laravel integration.

New Features

  • Driver-based architectureregex (obfuscation/substitution detection), pattern (fast exact matching), phonetic (sound-alike evasion via metaphone + Levenshtein), and pipeline (chain multiple drivers together). Extend with custom drivers.
  • Severity scoring — Profanities categorised as mild/moderate/high/extreme with per-word weights and a 0–100 composite score. Filter by minimum severity threshold.
  • Multi-language support — English, Spanish, German, French with language-specific normalizers and severity maps. Check one, many, or all at once via fluent API.
  • Masking strategies — Character mask (*, #), grawlix (!@#$%), or a custom callback.
  • Eloquent integrationBlaspable trait auto-sanitizes or rejects profanity on model save, with withoutBlaspChecking() for bypassing.
  • MiddlewareCheckProfanity middleware to reject or sanitize profane request fields with configurable severity and field filtering.
  • Validation ruleblasp_check rule with language support.
  • Blade directive@clean($text) for output sanitization.
  • Str/Stringable macrosStr::isProfane(), Str::cleanProfanity(), and Stringable equivalents.
  • Result caching — Configurable cache driver, TTL, and key eviction.
  • EventsProfanityDetected, ContentBlocked, ModelProfanityDetected.
  • Testing utilitiesBlasp::fake() for test doubles with assertions.

Breaking Changes

  • Namespace flattenedBlaspsoft\Blasp\Laravel\ merged into Blaspsoft\Blasp\. Update any direct class references.
  • Service provider renamedServiceProviderBlaspServiceProvider (auto-discovery handles this).
  • Config file renamedconfig/config.phpconfig/blasp.php. Re-publish with php artisan vendor:publish --tag="blasp-config".
  • API changescheck() now returns a Result object with isOffensive(), clean(), score(), severity(), count(), words(), uniqueWords(). Previous methods like hasProfanity(), getCleanString(), getProfanitiesCount() are removed.

Compatibility

  • PHP 8.2+
  • Laravel 8.0 – 13.x

Full Changelog

v3.1.9...v4.0.0

v3.1.9

Choose a tag to compare

@deemonic deemonic released this 11 Feb 15:39

Bug Fix

  • Fix false positives when profanity is a substring of a regular word — Words like space, spacious, aerospace, workspace were incorrectly flagged because the profanity spac matched as a substring. Instead of adding more words to the false positives list, a systematic check now automatically skips pure alphabetic profanity matches embedded inside larger regular words.

Still detected

  • Standalone profanity (spac, fuck, ass)
  • Obfuscated variants (sp@c, f-u-c-k, a$$)
  • Conjugated forms (fucks, fucker, fuckings)
  • Compound profanity (cuntfuck, fuckingshitcuntfuck)
  • Repeated-letter obfuscation (ccuunntt, fuuuck)

No longer falsely flagged

  • Any regular word containing a profanity substring (space, spacious, aerospace, cocktails, class, etc.)

Closes #32

v3.1.8

Choose a tag to compare

@deemonic deemonic released this 03 Feb 13:51

Bug Fixes

  • Fixed false positives when profanity detection incorrectly matched across separate words:
    • "an alert" no longer flags "anal"
    • "has 5 faces" no longer flags "ass"

The fix distinguishes between intentional obfuscation (like "@ss" which contains letters + special characters) and accidental word combinations (like "an al" which contains only letters).

What's Changed

  • Improved isSpanningWordBoundary() logic to check if standalone portions contain both letters AND non-letter characters
  • Added test cases for the new edge cases

v3.1.7

Choose a tag to compare

@deemonic deemonic released this 28 Jan 21:17
7190213

What's Changed

Bug Fixes

  • fix: detect partial spacing profanity obfuscation - Profanity obfuscation using partial spacing is now correctly detected:

    • "s hit" → detected as "shit"
    • "f uck" → detected as "fuck"
    • "t wat" → detected as "twat"
    • "fu c k" → detected as "fuck"
    • "tw a t" → detected as "twat"
  • fix: convert byte offset to character offset for multibyte support - Fixed boundary checks to work correctly with multibyte characters (accented letters in French, German, etc.)

Technical Details

The isSpanningWordBoundary() method was refactored to check surrounding context instead of relying on heuristics about single-character parts. This ensures partial spacing obfuscation is detected while still preventing false positives like "This musicals hit".

Full Changelog: v3.1.6...v3.1.7

v3.1.6

Choose a tag to compare

@deemonic deemonic released this 27 Jan 13:29
5e1e0fc

Bug Fixes

  • Fix accented character false positives (#24): Added /u (PCRE_UTF8) flag to generated profanity regex patterns, preventing multi-byte UTF-8 characters (e.g. ê, é) from being matched byte-by-byte and causing false positives on words like "tête" and "aré".
  • Validate UTF-8 input: Added encoding validation at the check() entry point to sanitize non-UTF-8 strings before regex matching, preventing silent preg_match failures.

v3.1.5

Choose a tag to compare

@deemonic deemonic released this 27 Jan 12:45
0f4b293

Bug Fixes

  • check() no longer throws on empty/null strings (#29, #42) — Blasp::check() now accepts ?string and returns a clean result for empty or null input instead of throwing an exception.

v3.1.4

Choose a tag to compare

@deemonic deemonic released this 27 Jan 12:25
c4037af

Bug Fix

  • Fix false positive detection for common words (#32) — Words like "assignment", "passion", "classroom", "passenger" were incorrectly flagged because they contain the substring "ass". Added ~200 common English words to the false_positives list covering substrings: ass, tit, cum, nig, rap, nob.

v3.1.3

Choose a tag to compare

@deemonic deemonic released this 27 Jan 10:57
dffff5b

Bug Fix

  • Fix UUID flagged as profanity (#23) — UUIDs like 6ec3e80f-...-144a2ef5800b were incorrectly flagged because 800b mapped to boob via character substitutions. Added an isInsideHexToken() guard that skips matches inside UUIDs, MD5/SHA hashes, and other long hex strings while leaving normal profanity detection intact.

v3.1.2

Choose a tag to compare

@deemonic deemonic released this 27 Jan 10:21
cf7e986

Bug Fix

  • Fix circular substitution handling (#35) — Replaced sequential preg_replace with a single-pass character walker that prevents circular substitutions (e.g., French c→k and k→c) from producing malformed regex. Multi-char substitution values now use alternation instead of character classes. Language-specific substitutions are properly merged again.