NaN has to exist since it’s a primitive number value, meaning it’s a value that coexists with real numbers (-Inf:+Inf).
Without it, and replacing its functionality with for example a 0, you’d be hard pressed to find you’ve got a calculation error when it doesn’t blatantly scream what expressions are invalid at you.
I speak from experience. Had an issue about 5 years ago where a value always resulted in 0 (should’ve been NaN, I guess it was an edge case years ago) in an equation with I believe 9 different steps of calculation.
Anyways, back to the actual Topic, this is a good resource, and I’ve actually had issues with the obscure JSON Injection.
…Albeit it was unintentional and my fault, in the end I noticed I was accidentally concatenating a string pattern that matched a key|value pair (for removing it before saving since it effectively wiped data) to the player’s customizable “Description” data before sending it. I forget exactly what the pattern I was matching was, but it was being added as a key|value entry to the JSON and for some reason it was not removed by my gsub calls (likely because a pattern was trying to find its *escaped equivalent) and as such it would consistently wipe data.
*Elaborating on escaped: Since the description field in particular could contain newlines and other control characters, items that coincided with control characters for text and patterns were escaped before writing the data.
Anyways, it’s 2:22 AM, never mind it’s 2:23 AM, so I’m going to go off and do something else like the night owl I am. Thanks for sharing, I kind of rambled on here.
This is probably not 100% related, but if you don’t like writing long ifs for typechecking remotes, try t; it’s really useful.
```lua
--//*.client.lua
local remote = game.ReplicatedStorage.RemoteEvent
remote:FireServer("value")

--//*.server.lua
local remote = game.ReplicatedStorage.RemoteEvent
local t = require(path.to.t)
local tuple = t.tuple(t.string, t.number)
-- OnServerEvent passes the firing player first, then the client's arguments
remote.OnServerEvent:Connect(function(player, str, num)
    assert(tuple(str, num))
    -- now you can just assume that's that type
    -- without long ifs
end)
```
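For readers following the thread, an added example (not code from any poster or from the t library): a hand-written validator for the same (string, number) remote payload that also rejects NaN and infinities, the values the NaN discussion in this thread is about. The names `isString`, `isFiniteNumber`, `tuple` and `validate`, the 200-byte limit and the sample payloads are assumptions made for illustration; it uses no Roblox APIs, so it runs in a plain Lua interpreter.

```lua
-- Added example; all names and the 200-byte limit are hypothetical.
-- Each checker returns true, or false plus a reason.
local function isString(maxLen)
    return function(v)
        if type(v) ~= "string" then
            return false, "string expected, got " .. type(v)
        end
        if #v > maxLen then -- # counts bytes, not characters
            return false, "string longer than " .. maxLen .. " bytes"
        end
        return true
    end
end

local function isFiniteNumber(v)
    if type(v) ~= "number" then
        return false, "number expected, got " .. type(v)
    end
    if v ~= v then -- NaN is the only value that is not equal to itself
        return false, "NaN rejected"
    end
    if v == math.huge or v == -math.huge then
        return false, "infinity rejected"
    end
    return true
end

-- Build a validator for a fixed-length argument list.
local function tuple(...)
    local checks = { ... }
    return function(...)
        local n = select("#", ...) -- counts nil arguments too
        if n ~= #checks then
            return false, "expected " .. #checks .. " arguments, got " .. n
        end
        for i, check in ipairs(checks) do
            local ok, err = check((select(i, ...)))
            if not ok then return false, "argument " .. i .. ": " .. err end
        end
        return true
    end
end

local validate = tuple(isString(200), isFiniteNumber)

-- Constructed sample payloads, as a client could send them.
print(validate("hello", 5))
print(validate("hello", 0 / 0))           -- NaN has type "number"
print(validate("hello", math.huge))
print(validate(("x"):rep(201), 5))
print(validate("hello", 5, "extra"))
```

In a server handler the validator would be called on the arguments that follow the player parameter, returning early when it reports false instead of continuing with unchecked values.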
Yeah, you know a lot about the topic yourself, but many developers do not. I’d take a guess that about 80% of the #help-and-feedback:scripting-support category doesn’t even have remote protection cross their mind; because they’re still experimenting, or doing a commission, where the developer is taking care of remote protection, etc.
TL;DR
Just because you know about this stuff doesn’t mean you should be tearing it down so other developers cannot understand this stuff. Just like exploits; if you know how to prevent dex, it doesn’t mean you should be telling other people “it’s impossible”. You should be encouraging them to find the answer,
NaN used to not exist, but it is great it does (introduced in 1985). NaN used to just overflow instead of being treated like a proper number; if it was not a number, many possible mathematical equations would be much harder to write (and may have to logarithmic) as well as possibly become a brand new attack vector on many different endpoints (including Roblox games!)
I need to bump this thread to update people on the issue with a certain patch I shared.
Hi all, a while ago I released this GitHub gist detailing various ways a malicious actor could cause a data rollback.
In an example explaining how simply a short 1 character string can cause a data store error there used to be a different patch I presented; someone posted what I thought was a better solution using utf8.len, but yesterday I found out that it isn’t a solution because it can be bypassed. I’ve updated my gist since to remedy this. The new patch, instead of utf8.len, can be found here.