We recently banned an exploiter in my community using a chat-bypassing exploit to say NSFW words and such. The specific details of this will be in the staff only section of this report due to the sensitive content.
Exploit Clues:
A private message is associated with this bug report
If this is using Rich Text escape forms or accented characters, this has been reported multiple times without any response.
I have a solution regarding the escape forms (<, >, ", ’ and &) here: Filtering New Chat Bypasses with the Introduction of TextChatService
I have a solution for the accented characters aswell but it is too memory intensive to be implemented as a script and requires native engine support.
They were using the native chat, nothing we created ourselves. We have Adonis Admin, and we used that in this report - to provide context of the issue. I sure do hope they do something. I had moderation action the other day that was absurd yet, they take no action on things like this that actually make the platform unsafe.
Yes, native chat has been moved to Rich Text, which is what currently is the cause of these bypasses. For the escape forms half characters like <, >, ", ’ and & are interpreted by the filter as strings. For example I believe the ampersand symbol is interpreted as ;amp; which confuses the filter. Similar circumstance with accented characters as the filter does not recognize them as their unaccented counterparts. Unfortunately there, there is no pretty and memory efficient way to convert these utf-8 characters to their ASCII counterparts via scripting that I know of. I created a program in Lua to do this but it is too large to be used in Roblox, which is why we need an in engine method.
Thank you for the report. We are investigating the issue.
Yeah, I noticed chat supports Rich Text. The forced use of the newer chat service will no doubt reveal issues. And I see a staff member has acknowledged this report now and hope a fix is quick.