I appreciate the advice, but this is a critical issue.
Yeah, it’s literally an easy fix.
It’s most likely because a new one will just pop up.
True, but if they patch it, it will show investors and people that they care about the kids like they claim.
For the time being you could fix this in your own experience by running regex to validate that messages don’t contain any words like this.
Here’s what I would do:
- Implement regex to remove any symbols from user messages.
- Run that resultant message through something that would censor profanity.
- Check if that results in any #'s, if so censor the entire message.
A fix by Roblox would be better but that’s what I would do to fix this in the meantime.
There exist so many chat bypasses and even more severe ones that look like regular text. A lot of these use exploit scripts to automatically replace standard letters with similar looking ones. Search the video “roblox chat filter tweakin out” for an example. I have reported this exploit numerous times to the security team and was ignored. They simply do not care about this stuff.
Funny that this doesn’t happen to LuaChatService. Why? Because the filter doesn’t try to filter with escape characters compared to new chat.
I’ve tested that theory with the console, and the moment I replace > or < with its escaped letters, the filter stops seeing it as inappropriate or anything.
Even funnier is when this chat is considered “safer” when such simple bypass exists. And to make this EVEN funnier, this will be forced upon us.
Buggy TextBox enter/leave behavior, easy bypass and awful performance due to React backend (which has been a thing for a year and more). Yeah. Nothing else to say about how flawed this TextChatService is.
I have emailed Roblox Support a second time on a new ticket, and got the same response again.
Honestly, I wouldn’t even bother with Roblox’s support email hotline right now. It’s beyond useless. The devforum and HackerOne are really your only bets, but this is far from a day 0.
But still, it works with <13 chat filter, because the game.Chat:FilterStringForBroadcast uses <13 chat filter regardless if a user is >13 and with that filter this still worked.
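If you really wanted to, you can also just put a layer between the filter:
local text = playerMessage -- the player's chat message
-- extra parentheses keep only gsub's first return value (the string, not the match count)
FilterTextForBroadcast((string.gsub(text, "<", "")))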
At first, I would do that, but the fact that it works with ANY letter, doesn’t just have to be >, like c.r.a.p c;r;a;p clrlalp, then it would be nearly impossible to filter that way.
I do have a general understanding on why this happens due to how Roblox handles escaping rich text. The < and > are actually not the symbols themselves and are actually &lt; and &gt; respectively. So, the filter is technically seeing &lt;f&lt;u&lt;c&lt;k or &gt;f&gt;u&gt;c&gt;k. Doesn’t look anything close to the bypassed word when you see it like that.
The reason they use the escape form characters is so that you cannot use the rich text yourself. It automatically makes <b>bold</b> into &lt;b&gt;bold&lt;/b&gt;, but displays properly on the client as <b>bold</b> and not bold. You can observe this if you use TextChatService.MessageReceived and print the message text.
This was not an issue on legacy chat since it doesn’t use RichText, but we cannot use that anymore
I made an implementation of a workaround for this. Should censor any messages in chat bypassing filters using <, >, or & to space words. Could probably be implemented even better, but I’m lazy.
There may be other symbols that can be used similarly to bypass the chat filter, but these are the only three I found.
There are two scripts in ServerScriptService, and one local script in StarterPlayerScripts, alongside two remote events in ReplicatedStorage. The basic idea behind this is restricting users so that no messages are directly shared between clients and are instead interpreted, parsed, and filtered by the server manually and distributed to all clients as if they were sent from the original user. The user that tries to bypass the chat filter will still see their message as if they have bypassed it, but all other users will see the censored message.
Credit to @GFink for the ability to compute text chat name colors and @Geomaster for their function to convert Color3 instances to hex strings.
Here is the experience:
It is publicly available if you wish to download it and play around but be aware that FilterStringAsync() only works in live-game instances.
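The server-side idea described in the posts above (decode the rich-text escapes, drop the symbols, filter, and censor the whole message on any hit), sketched as an added example that is not the code from the linked experience or from anyone in this thread. It generalizes to any punctuation separator, but not to letters used as separators. Assumptions: `platformFilter` is a hypothetical stand-in for the real filter call on a live server, and "badword" and the sample messages are constructed.

```lua
-- Plain Lua/Luau, no Roblox services needed, so it runs offline.
-- Hypothetical stand-in for the platform filter; "badword" is a constructed blocked term.
local function platformFilter(text)
	return (text:gsub("badword", "#######"))
end

-- The three escapes named in this thread.
local ENTITIES = { ["&lt;"] = "<", ["&gt;"] = ">", ["&amp;"] = "&" }

-- Single-pass decode; unknown entities are left untouched.
local function unescapeRichText(text)
	return (text:gsub("&%a+;", function(entity) return ENTITIES[entity] end))
end

-- Returns the text that is safe to broadcast to other clients.
local function moderate(escapedText)
	-- Decode first: stripping symbols from "b&lt;a" would leave "blta",
	-- which still hides the word from the filter.
	local decoded = unescapeRichText(escapedText)
	-- %p also removes any "#" the user typed, so a "#" after filtering
	-- can only have come from the filter itself.
	local stripped = (decoded:gsub("%p", ""))
	if platformFilter(stripped):find("#", 1, true) then
		return string.rep("#", #decoded) -- censor the entire message
	end
	return platformFilter(escapedText) -- normal path, text left as received
end

-- Constructed sample messages, in the escaped form the server receives.
local samples = {
	"b&lt;a&lt;d&lt;w&lt;o&lt;r&lt;d",
	"b.a.d.w.o.r.d",
	"1 &lt; 2 &amp; 3 &gt; 2",
	"hello world",
}

for _, message in ipairs(samples) do
	print(string.format("%-34s filter alone: %-34s hardened: %s",
		message, platformFilter(message), moderate(message)))
end
```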
This issue is occurring more and more; another user reported it as well (unaware of this already being a post), so this needs to be fixed soon. Here (might get deleted since it’s a duplicate topic)
Does it “patch” this glitch and prevent l>e>t>t>e>r bypass, but also allow users to have 13+ filter and <13 filter?
- Yes, it prevents bypasses using <, >, and &, all of which are encoded by richtext as &lt;, &gt;, and &amp; respectively.
- No, but I can easily add that functionality. I may add that if you so choose. Currently it filters text so that it is safe for all users, but I can see how you may want different filtering for 13+ vs <13 users. I’ll work on implementing this, alongside uncensoring messages using the filtered symbols that aren’t being used for bypassing.
It’s been 15 days since I originally reported this issue, and despite multiple bumps and a response from another user experiencing the same problem, Roblox has yet to acknowledge this critical vulnerability. Instead of addressing the issue, moderators have deleted my posts attempting to bring attention to the problem.
This chat filter bypass is a serious issue that allows users to bypass all filtering and potentially expose others to inappropriate content. It’s concerning that Roblox is not taking this issue more seriously, especially considering the potential impact on younger users and the fact that moderators are actively suppressing discussion about it.
Closing to avoid spam.
TO ENG ; Open the thread when responding.