Indexing to a function, signal or property with the C __index metamethod of Instances breaks on long strings unless it is in camelCase

Thank you for the report.

Your expected behavior is incorrect.
If we do change this, the only logical thing will be to make only “IsLoading” work as any longer strings with embedded 0 are not the same.
So expect your “working” example to break.

I’m just curious, why does the camelCase variant work?

The code below works, the behaviour of only camelCase variants working is only present when the length of the string goes over the unsigned 8-bit integer limit, or 256 and higher.

print(__index(game, "IsLoaded\000\000\000123456789HiThere"))

Looks like they adjusted this behavior and will no longer allow extra bytes, which is unfortunate for anti-cheat development.

6 Likes
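An added example, not part of any post in this thread and not Roblox's code: a member lookup that compares names as C strings stops at the first zero byte and accepts the padded key printed above, while a lookup that compares the full counted length rejects it, which matches the staff statement that longer strings with embedded 0 are not the same name. The member table, `counted_key` type and function names are hypothetical, and the sample keys are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical member table; the names are illustrative, not an engine API. */
static const char *const MEMBERS[] = { "IsLoaded", "GetService", "Name" };
#define MEMBER_COUNT (sizeof MEMBERS / sizeof MEMBERS[0])

/* A Lua string is a counted byte buffer, so it may contain zero bytes. */
typedef struct { const char *data; size_t len; } counted_key;

/* Loose lookup: strcmp stops at the first zero byte, so trailing bytes are ignored. */
int lookup_cstr(counted_key key) {
    for (size_t i = 0; i < MEMBER_COUNT; i++)
        if (strcmp(key.data, MEMBERS[i]) == 0)
            return (int)i;
    return -1;
}

/* Strict lookup: the counted length must match first, then every byte. */
int lookup_exact(counted_key key) {
    for (size_t i = 0; i < MEMBER_COUNT; i++) {
        size_t n = strlen(MEMBERS[i]);
        if (key.len == n && memcmp(key.data, MEMBERS[i], n) == 0)
            return (int)i;
    }
    return -1;
}

/* Constructed sample keys; sizeof - 1 keeps the embedded zero bytes in the count. */
static const char PADDED[] = "IsLoaded\000\000\000123456789HiThere";
static const char PLAIN[]  = "IsLoaded";

counted_key padded_key(void) { counted_key k = { PADDED, sizeof PADDED - 1 }; return k; }
counted_key plain_key(void)  { counted_key k = { PLAIN,  sizeof PLAIN  - 1 }; return k; }

int main(void) {
    printf("padded key, %zu bytes: cstr=%d exact=%d\n", padded_key().len,
           lookup_cstr(padded_key()), lookup_exact(padded_key()));
    printf("plain key,  %zu bytes: cstr=%d exact=%d\n", plain_key().len,
           lookup_cstr(plain_key()), lookup_exact(plain_key()));
    return 0;
}
```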

It’s part of Roblox’s reverse-compatibility layers I believe

I find it extremely funny yet frustrating how Roblox decides to patch every “good” method related to Lua Bridge to supposedly “remove old API behavior” and “clean up the codebase”. I do not get why this is a priority considering previous Roblox client source leaks were full of bug-riddled code, notably the usage of (void*)NULL instead of nullptr. So there are definitely better things to change.

They don’t actually care about real improvements; their happiness comes from breaking every single feature that does NOT impact actual gameplay at all.

5 Likes

Funny thing about the new update is that this only applies to indexing with the game metatable, but for using null bytes as arguments in functions like collectgarbage for example, or using null bytes to index with the Enum metatable, it does not have the same warning.


If you are really, truly going to implement this change so that extra (null) bytes error, you might as well have a little consistency. Or is there a specific reason why it applies to the game metatable only? :thinking: :thinking:

2 Likes

Enums are tables that have metamethods. With the same debug.info method used in the first post, you can also get the __index metamethod of Enum.

local __index = select(2, xpcall(function()
	return Enum.Status.x
end, function()
	return debug.info(2, "f")
end))

print(__index)

1 Like

Once again, thank you for bringing our attention to this as we were not aware of this specific problem before.

Because of a very widespread misuse of the object field access, we have decided to add a warning to highlight the problems in the code with plans to convert it into an error in the future.
For backwards compatibility reasons, it will become an error in Studio first, followed by Servers and then at a more distant date, the Client as well (depending on velocity of developers making fixes).

What do you define as misuse of the field?

3 Likes

This. Is the “misuse” perhaps correlated with anti-cheat development :thinking: @WheretIB ? All it does, from what I’m seeing, is benefit developers.

2 Likes

And are you going to list a schedule for when these changes will take place?


Seems like we won’t be getting an answer any time soon - it almost seems as if they are ghosting us!

5 Likes

It’s so over for anticheat developers; now they’re going to patch all the ContentProvider detection methods.

ContentProvider detection methods were never reliable in the first place.

My guy, see it as “misuse” or not, we’re actively forced to do stuff like this in order to try and protect our games, and it’s responses like this that make people like us less and less keen to report stuff, since you’re actively making it harder for us to protect our games, not easier.

It wouldn’t be an issue if we had more robust tooling to deal with cheaters, but I don’t see that yet.

You’re also years late, this has been a thing since before Luau even existed, it’s been “abused” for decades, hell it was even documented in Synapse X’s original documentation from 2018, and what do ya know! It’s caused no issues, and only served us developers and helped our games be safer.

7 Likes

This is the most oddly specific bug ever. I’m surprised you managed to find something like this out.

This is probably going to jinx it, but I don’t think that’s happening (ALL PUBLIC mobile exploits are BUILT upon using assets to have nice-looking UIs) ... unless they uhhhh ... restrict CoreGui ... but don’t do that :pray:

1 Like
