Skip to content

Things you cannot say on Facebook, SQL Edition

EDIT: This is now fixed. Facebook worked on the bug report and fixed the problem within 72 hours, including rollout.

Where I work, I am using an instance of Facebook at Work to communicate with colleagues. That is basically a grey-styled instance of Facebook which is supposed to run a forked codebase on isolated servers.

Today, it would not let me write the following SQL in Chat, in Facebook notes or comments:

Other versions of the error message complain about it being Spam, or mention the string as being problematic.

Why is that?

So when you write anything anywhere in Facebook, Facebook tries to URLify things.

For that, it breaks things into items that look like potential domain names, and checks if they could be domain names. It then create an “a href” wrapper around that and links to that.

Because that’s a way to transport Spam and malicious content, there is a list of blocked things, and that then triggers the above blocking mechanism.

So we have the above SQL, which contains the phrase “sd.date_of_delivery”.

The underscore is not part of DNS, so the tokeniser turns this into

There is a dot date TLD.

So Facebook wrongly tries to turn sd.date_of_delivery into sd.date_of_delivery, which clearly is not my intention, and then spamblocks me.

This is wrong on many levels:

  • On a business instance of Facebook it has literally no business to listen in, but does.
  • When every word of the english language turns into a TLD, auto-URLifying stuff becomes completely, utterly useless. The above example contains the expression, too, and no, it’s not intended to be a link.
  • The is clearly and obviously code, SQL to be specific. All the machine learning in the world did not help you to detect that, though.

And it’s not even, you only made it into that, because

  • You can’t write proper parsers, too.
  • And you forgot to implement the switch to globally turn off that misfeature in the preferences. Because I am old-school. When I want a link, I actually write https://

So annoying.

EDIT: As a colleague of mine cleverly pointed out, you can fool the thing with zero width characters in UTF-8. I am undecided if that is a bug or a feature.

EDIT: As a user, I want control over URLification: Give me an off switch that does not URLify unless I prefix http:// or https://.

As a user, I want a proper parser, that does not try to turn sd.date_of_delivery into a

As a user, I would rather have anything not URLified, but also not blocked, than having things blocked after URLification.

As a user of corporate facebook, I’d like to have the entire product take into account that it is in a corporate environment instead of still trying to behave like blue facebook. The engagement engine, the link-wrapping and and much of the other stuff are a complete nuisance and counterproductive in a paid-for corp use-case.

Published inHackerterrorcybercyberMedia


  1. Quork

    In other words: The thing breaking the world on so many levels is broken on so many levels. Hilarious.

  2. Martin

    and here I thougt it would complain about ‘cnt’ being offensive …

  3. Louis

    Maybe stop allowing a dubious entity control over how you communicate…

  4. Jatin

    You can write code block in FB within blocks surrounded by three ticks (like markdown)

    • kris kris

      That will not prevent from being spamblocked.

  5. Erik

    Super-easy fix: Don’t use Facebook, at all!

    What if, in the future, you become a competitor to them?
    They can then use all of the info you gave them in a silent way to crush you.

    There are better alternatives!

  6. Sam

    What is corporate facebook?

  7. Pro

    Don’t be a little crying girl.. Next thing you will want to disable emoji?
    Use your tools correctly. Three ` ticks will do the trick.

    your sql here

    • kris kris

      That will not prevent from being spamblocked (nor will it prevent facebook from trying to run sd.date_of_delivery through the URLifier, creating from wrong parsing, and then triggering the spamblock).

  8. I’ve had the same problem with Slack. I’m kinda sure their backtick code escaping will not misbehave as badly as this but I’m also not completely sure.
    You definitely can’t just post stuff (that is not code) without it mangling the text, always need to treat it as preformatted :(

  9. Lodewijk André de la Porte

    I kind of just want to say

    “When you decided, as a company, to purchase closed source software, you gave away part of your intellectual process to a third party without any say in it. You’ve found your partner has different priorities wrt software, and you are too small a client to get special attention.”

    Basically, you should’ve bought OSS if you wanted to affect it.

    • kris kris

      And which software specifically? We are talking about anything that can facilitate communication for a 20.000 people corporation, including individual and group streams, large scale chat and live video streaming of meetings.

  10. Peter Pan

    Complainig about Facebook ?
    Hey, that’s kinda smart, man.

    • Peter Pan

      Sry – I did not mean to be offensve.

      It’s just that using FB tools does not add to your employer’s reputation, IMHO.

      • kris kris

        Have you tried the corporate facebook tooling, or what exactly are you basing your opinion on? What OSS do you compare it to?

Leave a Reply

Your email address will not be published. Required fields are marked *