[CRITICAL] Chat Filter Bypass: Allows All Content (Slurs, Swears, PII, etc.)

Visual Aids:




I tried this once as I didn’t know it would work.
System Information:
Intel(R) Core™ i7-14700F

Expected Behavior

Any swears or things that usually tag would tag regardless if you did >l>e>t>t>e>r

Actual Outcome

You can say swears or anything with this trick.

How to Replicate

Since this can easily be abused, I have provided how to replicate this in the Private Message to prevent people with malicious intent from using it.

A private message is associated with this bug report

Day 2: This issue is still occurring.
Day 3: Issue still occurring.
(crap tags for no reason so i used that as proof since crap isn’t a swear, idk why it tags)
This is getting really bad, people are doing this in EVERY game.
Day 4: Issue still happening.
Day 5: Still happening.
Day 6: Still happening.
Day 7: Still happening. No response from Roblox acknowledging the post.

Note

After experimenting with this to block this glitch from being used in MY games because ROBLOX isn’t doing ANYTHING, I found out you can do this with ANY letter. (still haven’t found a way to do it, because you can use regular letters. My first way was if it was only with the > key, to make it so any message containing > doesn’t show up)

Holy crap, how does this even happen at a massive company like Roblox?

This is a really urgent matter.

Is there a way I could fix this in my own game for the time being, considering we’re being forced to use TextChatService?

  • Yes, it’s possible to fix this on your own.
  • Unfortunately, it’s not.

8 Likes

That’s actually known and has been reported before some times too and they still haven’t fixed it, since they’re forcing all experiences to use the built-in chat, they gotta do something with the filter.

1 Like

That version in that post was fixed, but this one is brand new.

In the follow up replies you can see the same type of bypass as in your post too along with others, it’s been months since that thread was left ignored after that

Bypassing chat filters is very possible, and even if this gets filtered, another bypass will pop up right away. I don’t think they really care about addressing this because even if they handle one case, others will start reporting different combinations, creating countless possibilities and drawing more attention to this issue, which will basically drag them into a loophole.

There are so many ways to create combinations with weird symbols that the number of possible bypasses probably exceeds millions. Recently, you might have noticed that they’re trying to prevent most bypasses by automatically converting characters from many fonts into Roblox icons in the chat, but yeah.

Also, in the About the Bug Reports, there’s a ‘Dev Text Filter Reports’ form. If you fill that out, maybe they review it, but I’m not sure, though—I’m just reading what Roblox has written.

I appreciate the advice, but this is a critical issue.

They don’t want to fix it for some reason…

1 Like

Yeah, it’s literally an easy fix.

It’s most likely because a new one will just pop up.

1 Like

True, but if they patch it, it will show investors and people that they care about the kids like they claim.

1 Like

For the time being you could fix this in your own experience by running regex to validate that messages don’t contain any words like this.
Here’s what I would do:

  1. Implement regex to remove any symbols from user messages.
  2. Run that resultant message through something that would censor profanity.
  3. Check if that results in any #'s, if so censor the entire message.

A fix by Roblox would be better but that’s what I would do to fix this in the meantime.

2 Likes

There exist so many chat bypasses and even more severe ones that look like regular text. A lot of these use exploit scripts to automatically replace standard letters with similar looking ones. Search the video “roblox chat filter tweakin out” for an example. I have reported this exploit numerous times to the security team and was ignored. They simply do not care about this stuff.

3 Likes

Funny that this doesn’t happen to luachatservice. Why? Because the filter doesn’t try to filter with escape characters compared to new chat.
I’ve tested that theory with the console and the moment I replace > or < with its escaped letters, the filter stops seeing it as inappropriate or anything.
Even funnier is when this chat is considered “safer” when such a simple bypass exists. And to make this EVEN funnier, this will be forced upon us.
Buggy TextBox enter/leave behavior, easy bypass and awful performance due to React backend (which has been a thing for a year and more). Yeah. Nothing else to say about how flawed this TextChatService is.

2 Likes

I have emailed Roblox Support a second time on a new ticket, and got the same response again.

Honestly, I wouldn’t even bother with Roblox’s support email hotline right now. It’s beyond useless. The devforum and HackerOne are really your only bets, but this is far from a day 0.

1 Like

But still, it works with <13 chat filter, because the game.Chat:FilterStringForBroadcast uses <13 chat filter regardless if a user is >13 and with that filter this still worked.

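If you really wanted to, you can also just put a layer between the filter:

```lua
-- `player` and `message` come from your own chat handler.
-- The parentheses keep only gsub's first return value (the string, not the match count).
local text = (string.gsub(message, "<", ""))
local filtered = game.Chat:FilterStringForBroadcast(text, player)
```

1 Like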

At first, I would do that, but the fact that it works with ANY letter, doesn’t just have to be >, like c.r.a.p c;r;a;p clrlalp, then it would be nearly impossible to filter that way.

I do have a general understanding on why this happens due to how Roblox handles escaping rich text. The < and > are actually not the symbols themselves and are actually &lt; and &gt; respectively. So, the filter is technically seeing &lt;f&lt;u&lt;c&lt;k or &gt;f&gt;u&gt;c&gt;k. Doesn’t look anything close to the bypassed word when you see it like that.

The reason they use the escape form characters is so that you cannot use the rich text yourself. It automatically makes <b>bold</b> into &lt;b&gt;bold&lt;/b&gt;, but displays properly on the client as <b>bold</b> and not bold. You can observe this if you use TextChatService.MessageReceived and print the message text.

This was not an issue on legacy chat since it doesn’t use RichText, but we cannot use that anymore :person_shrugging:

I made an implementation of a workaround for this. Should censor any messages in chat bypassing filters using <, >, or & to space words. Could probably be implemented even better, but I’m lazy.
There may be other symbols that can be used similarly to bypass the chat filter, but these are the only three I found.

There are two scripts in ServerScriptService, and one local script in StarterPlayerScripts, alongside two remote events in ReplicatedStorage. The basic idea behind this is restricting users so that no messages are directly shared between clients and are instead interpreted, parsed, and filtered by the server manually and distributed to all clients as if they were sent from the original user. The user that tries to bypass the chat filter will still see their message as if they have bypassed it, but all other users will see the censored message.

Credit to @GFink for the ability to compute text chat name colors and @Geomaster for their function to convert Color3 instances to hex strings.

Here is the experience:

It is publicly available if you wish to download it and play around, but be aware that FilterStringAsync() only works in live-game instances.
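
The three-step check suggested earlier in the thread (strip symbols, filter, censor the whole message on any #), combined with the entity un-escaping explained above, as an added Luau example that is not code from any post in this thread. The ModuleScript layout and the names `collapse`, `isBypass` and `textForOthers` are assumptions.

```lua
-- Added example, not code from the thread. ModuleScript intended for server-side use.
local TextService = game:GetService("TextService")

-- Roblox rich-text escape sequences; the thread reports &lt; and &gt; in chat message text.
local ENTITIES = {
	["&lt;"] = "<", ["&gt;"] = ">", ["&amp;"] = "&", ["&quot;"] = '"', ["&apos;"] = "'",
}

-- Step 1: undo the escaping, then drop everything except ASCII letters, digits and
-- whitespace, so "&gt;l&gt;e&gt;t" and "l.e.t" both collapse to "let".
-- Limits: letter separators (the clrlalp case) and non-ASCII lookalikes are not handled.
local function collapse(text: string): string
	local unescaped = string.gsub(text, "&%a+;", function(entity)
		return ENTITIES[entity] -- nil leaves an unknown entity unchanged
	end)
	return (string.gsub(unescaped, "[^%w%s]", ""))
end

-- Steps 2 and 3: filter the collapsed text and report whether anything was tagged.
local function isBypass(text: string, fromUserId: number): boolean
	local candidate = collapse(text)
	if string.match(candidate, "^%s*$") then
		return false -- nothing left to check
	end
	local ok, filtered = pcall(function()
		local result = TextService:FilterStringAsync(candidate, fromUserId)
		return result:GetNonChatStringForBroadcastAsync()
	end)
	if not ok then
		return true -- fail closed: a filter error is treated as unsafe
	end
	-- collapse() removed any "#" the user typed, so a "#" here came from the filter.
	return string.find(filtered, "#", 1, true) ~= nil
end

-- Text to relay to other players: fully censored when the collapsed form was tagged.
-- A message that passes must still go through the normal chat filter before delivery.
local function textForOthers(text: string, fromUserId: number): string
	if isBypass(text, fromUserId) then
		return string.rep("#", utf8.len(text) or #text)
	end
	return text
end

return { collapse = collapse, isBypass = isBypass, textForOthers = textForOthers }
```

As noted above, the filter call only tags text in live-game instances, so in Studio `isBypass` will report false for every message.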