After an exploiter viewed private messages with an exploit in the old chat I have changed to TextChatService only to realize that the exploiter was still able to see private messages or messages that are blocked by the DeliverCallback. After investigating I have narrowed it down to the player.Chatted event which fires on the clients even on messages the player usally wouldn’t be able to see.
First Experienced: July 28th, 2023 | 05:22 AM UTC
Expected behavior: player.Chatted event not firing on messages a player cannot see
Actual result: player.Chatted event fires even on messages they would usally not be able to see
Specs:
OS: Windows 10 Pro
CPU: Intel(R) Core™ i7-3740QM CPU @ 2.70GHz
GPU: NVIDIA Quadro K1000M
Reproduction Steps:
1- Download the reproduction place file
2- Run a 3 player test
3- Send a private message from player1 to player2
4- View the chat with player3
5- Send a message that begins with “$” to test the DeliverCallback which i set up to block all messages that begin with “$”
6- View the chat with any other player
The Reproduction Place:
Chat bug.rbxl (46.0 KB)