Bug Fixes

• Invisible Unicode bypass: Strip \p{Cf} format characters (zero-width spaces, invisible separators) from input before processing, so profanity like f⁣uck (with U+2063) is correctly detected
• Asterisk censoring bypass: Add * as a universal letter substitution so censored profanity like f*g, s**t, f**k is detected
• Internal masking: Use \x01 instead of * for internal masking during detection loop to prevent re-matching masked text
• Null safety: Guard against preg_replace returning null on malformed UTF-8 input

Blasp v4.0.0

A ground-up rewrite with a driver-based architecture, severity scoring, and deep Laravel integration.

New Features

• Driver-based architecture — regex (obfuscation/substitution detection), pattern (fast exact matching), phonetic (sound-alike evasion via metaphone + Levenshtein), and pipeline (chain multiple drivers together). Extend with custom drivers.
• Severity scoring — Profanities categorised as mild/moderate/high/extreme with per-word weights and a 0–100 composite score. Filter by minimum severity threshold.
• Multi-language support — English, Spanish, German, French with language-specific normalizers and severity maps. Check one, many, or all at once via fluent API.
• Masking strategies — Character mask (*, #), grawlix (!@#$%), or a custom callback.
• Eloquent integration — Blaspable trait auto-sanitizes or rejects profanity on model save, with withoutBlaspChecking() for bypassing.
• Middleware — CheckProfanity middleware to reject or sanitize profane request fields with configurable severity and field filtering.
• Validation rule — blasp_check rule with language support.
• Blade directive — [@clean](https://github.com/clean)($text) for output sanitization.
• Str/Stringable macros — Str::isProfane(), Str::cleanProfanity(), and Stringable equivalents.
• Result caching — Configurable cache driver, TTL, and key eviction.
• Events — ProfanityDetected, ContentBlocked, ModelProfanityDetected.
• Testing utilities — Blasp::fake() for test doubles with assertions.

Breaking Changes

• Namespace flattened — Blaspsoft\Blasp\Laravel\ merged into Blaspsoft\Blasp\. Update any direct class references.
• Service provider renamed — ServiceProvider → BlaspServiceProvider (auto-discovery handles this).
• Config file renamed — config/config.php → config/blasp.php. Re-publish with php artisan vendor:publish --tag="blasp-config".
• API changes — check() now returns a Result object with isOffensive(), clean(), score(), severity(), count(), words(), uniqueWords(). Previous methods like hasProfanity(), getCleanString(), getProfanitiesCount() are removed.

Compatibility

• PHP 8.2+
• Laravel 8.0 – 13.x

Full Changelog

https://github.com/Blaspsoft/blasp/compare/v3.1.9...v4.0.0

Bug Fix

• Fix false positives when profanity is a substring of a regular word — Words like space, spacious, aerospace, workspace were incorrectly flagged because the profanity spac matched as a substring. Instead of adding more words to the false positives list, a systematic check now automatically skips pure alphabetic profanity matches embedded inside larger regular words.

Still detected

• Standalone profanity (spac, fuck, ass)
• Obfuscated variants (sp@c, f-u-c-k, a$$)
• Conjugated forms (fucks, fucker, fuckings)
• Compound profanity (cuntfuck, fuckingshitcuntfuck)
• Repeated-letter obfuscation (ccuunntt, fuuuck)

No longer falsely flagged

• Any regular word containing a profanity substring (space, spacious, aerospace, cocktails, class, etc.)

Closes #32

Bug Fixes

• Fixed false positives when profanity detection incorrectly matched across separate words:
  • "an alert" no longer flags "anal"
  • "has 5 faces" no longer flags "ass"

The fix distinguishes between intentional obfuscation (like "[@ss](https://github.com/ss)" which contains letters + special characters) and accidental word combinations (like "an al" which contains only letters).

What's Changed

• Improved isSpanningWordBoundary() logic to check if standalone portions contain both letters AND non-letter characters
• Added test cases for the new edge cases

What's Changed

Bug Fixes

• fix: detect partial spacing profanity obfuscation - Profanity obfuscation using partial spacing is now correctly detected:

  • "s hit" → detected as "shit"
  • "f uck" → detected as "fuck"
  • "t wat" → detected as "twat"
  • "fu c k" → detected as "fuck"
  • "tw a t" → detected as "twat"

• fix: convert byte offset to character offset for multibyte support - Fixed boundary checks to work correctly with multibyte characters (accented letters in French, German, etc.)

Technical Details

The isSpanningWordBoundary() method was refactored to check surrounding context instead of relying on heuristics about single-character parts. This ensures partial spacing obfuscation is detected while still preventing false positives like "This musicals hit".

Full Changelog: https://github.com/Blaspsoft/blasp/compare/v3.1.6...v3.1.7

Bug Fixes

• Fix accented character false positives (#24): Added /u (PCRE_UTF8) flag to generated profanity regex patterns, preventing multi-byte UTF-8 characters (e.g. ê, é) from being matched byte-by-byte and causing false positives on words like "tête" and "aré".
• Validate UTF-8 input: Added encoding validation at the check() entry point to sanitize non-UTF-8 strings before regex matching, preventing silent preg_match failures.

Bug Fixes

• check() no longer throws on empty/null strings (#29, #42) — Blasp::check() now accepts ?string and returns a clean result for empty or null input instead of throwing an exception.

Bug Fix

• Fix false positive detection for common words (#32) — Words like "assignment", "passion", "classroom", "passenger" were incorrectly flagged because they contain the substring "ass". Added ~200 common English words to the false_positives list covering substrings: ass, tit, cum, nig, rap, nob.

Bug Fix

• Fix UUID flagged as profanity (#23) — UUIDs like 6ec3e80f-...-144a2ef5800b were incorrectly flagged because 800b mapped to boob via character substitutions. Added an isInsideHexToken() guard that skips matches inside UUIDs, MD5/SHA hashes, and other long hex strings while leaving normal profanity detection intact.

Bug Fix

• Fix circular substitution handling (#35) — Replaced sequential preg_replace with a single-pass character walker that prevents circular substitutions (e.g., French c→k and k→c) from producing malformed regex. Multi-char substitution values now use alternation instead of character classes. Language-specific substitutions are properly merged again.

Bug Fixes

• Fixed spaced profanity detection (#36) - Spaced-out obfuscation like f u c k i n g is now correctly detected as profanity

What changed

The isSpanningWordBoundary() method was incorrectly rejecting intentional obfuscation where characters are separated by spaces. The fix distinguishes between:

• Intentional obfuscation (all parts are single chars) → now detected ✅
• Cross-word accidents (only some parts are single chars) → still rejected to avoid false positives

Example

$result = Blasp::check('This is f u c k 1 n g awesome!');
$result->hasProfanity; // true ✅

Full Changelog: https://github.com/Blaspsoft/blasp/compare/v3.1.0...v3.1.1

What's New

Custom Cache Driver Configuration

You can now specify a custom cache driver for Blasp, which is particularly useful for environments like Laravel Vapor where the default cache driver (DynamoDB) has size limits that can be exceeded when caching profanity expressions.

Usage

Set via config:

// config/blasp.php
'cache_driver' => env('BLASP_CACHE_DRIVER'),

Or via environment variable:

BLASP_CACHE_DRIVER=redis

Credits

This feature was originally proposed by @dimzeta in #25 and has been adapted for Blasp v3.0 architecture.

Full Changelog: https://github.com/Blaspsoft/blasp/compare/v3.0.0...v3.1.0

🌍 Multi-language Profanity Detection

Blasp v3.0.0 introduces comprehensive multi-language support and a completely refactored architecture for improved performance and extensibility.

✨ What's New

Added

• 🌐 Multi-language Support: Comprehensive profanity detection for Spanish, German, and French
• 🎭 Custom Mask Characters: New maskWith() method for customizable censoring characters
• 🔗 Chainable API: Simplified Laravel facade pattern with intuitive method chaining
• 📚 Language Files Publishing: Publish and customize language configurations
• 🧪 Expanded Test Coverage: Comprehensive tests across all supported languages
• 🏗️ Extensibility System: Full registry pattern for language normalizers

Changed

• ⚡ Performance Improvements: Dependency injection and simplified service architecture
• 🔧 Refactored Core: Extracted expression generation to dedicated generators
• 🎯 Better Detection: Improved substitution detection across all languages
• 📖 Enhanced Documentation: Complete API documentation with multi-language examples

Fixed

• ✅ Language switching now correctly loads language-specific profanities
• ✅ Prevented false positives from cross-word-boundary matches

Removed

• ❌ Strategy factory and plugin manager (simplified architecture)
• ❌ Domain-specific detection strategies (email, URL, phone)
• ❌ Unused strict/lenient detection modes
• ❌ Outdated documentation and duplications

📦 Installation

composer require blaspsoft/blasp

🚀 Quick Start

use Blasp\Facades\Blasp;

// English (default)
$hasProfanity = Blasp::check('some text');
$cleanText = Blasp::clean('some text');

// Multi-language support
$hasProfanity = Blasp::language('spanish')->check('texto aquí');
$cleanText = Blasp::language('french')->clean('texte ici');

// Custom mask characters
$masked = Blasp::maskWith('❌')->clean('bad words here');

📚 Supported Languages

• 🇺🇸 English (default)
• 🇪🇸 Spanish
• 🇩🇪 German
• 🇫🇷 French

💔 Breaking Changes

This is a major release with breaking changes from v2.x:

• Removed strategy factory pattern
• Removed plugin manager system
• Removed domain-specific strategies
• Simplified detection modes

Please review the documentation for migration details.

📄 Full Changelog

https://github.com/Blaspsoft/blasp/blob/main/CHANGELOG.md

v2.1.0 - Simplified Service Configuration

What's Changed

• Simplified the configure method in BlaspService class by removing unnecessary null parameter
• Improved code clarity and reduced redundancy in service instantiation

Technical Details

Modified src/BlaspService.php:

• Removed redundant null parameter from BlaspService configuration
• Streamlined service instantiation process

Upgrading

This update is fully backwards compatible with v2.0.0. No changes are required in existing implementations.

Version 2.0.0

Major Changes

• 🚀 Added caching system for improved performance
• ⚡ Added configure() method for custom profanity and false positive lists
• 🔧 Removed incomplete language support for better maintainability
• ⚙️ Updated configuration structure and options

New Features

Caching System

• Added automatic caching of profanity expressions
• Added php artisan blasp:clear command to clear cache
• Improved performance for repeated checks

Custom Lists Configuration

You can now specify custom profanity and false positive lists which override the default config:

$blasp = Blasp::configure(
profanities: $your_custom_list ,
falsePositives: $your_custom_false_positives
)->check($text);

Breaking Changes

• Removed language support functionality
• Updated configuration structure
• Changed method signatures for configuration

Configuration Updates

The configuration file now supports:

• Custom profanity lists
• Custom false positive lists
• Cached expressions for better performance

Migration Guide

If you're upgrading from v1.x, you'll need to:

1. Remove any language-specific configuration
2. Update to the new configuration structure
3. Use the new configure() method for custom lists

Requirements

• PHP 8.0 or higher
• Laravel 8.0 or higher

Description

This patch release focuses on resolving bugs and improving regex handling for better profanity detection accuracy.

Fixes

• Resolved an issue where certain profanities (e.g., a$$) were not correctly masked due to special character handling in regex.
• Improved boundary checks to ensure proper detection of embedded profanities (e.g., afuckb).
• Fixed false negatives and positives caused by specific edge cases in regex pattern matching.

Notes

• All existing tests have been validated and updated to ensure compatibility and correctness.
• This update is fully backward-compatible with v1.2.x.