Remove the permissions to upload WMA/WMV files

With the Developer Forums growing and fostering new users daily, I think it would be a good move to become more cautious between who we can and cannot trust. From users with malicious intent, I suggest we remove the WMV/WMA video file formats from being uploaded.

To view these video formats, you have to download them. They do not embed, downloading them can be dangerous due to a number of vulnarbilities which can be hidden inside of the raw file content. Only a quick google search will show you what can be executed and injected into your machine.

Thanks.

I don’t know about any vulnerabilities with them, but this…

This drives me nuts. When you are trying to help someone and they post a .wmv file of the video it severely harms the user experience. As you need to download it. And can’t malicious people disguise malware as anything really? And not just wmv/wma ?

In terms of video formats, yeah these do tend to be the more dangerous end of things.

Maybe a good solution is to add a Discourse plugin (not aware of it’s existence) which scans file formats before being uploaded to the DevForums cloudfront.

Imo better solution would be to add support for WMA/WMV files. It’s crazy how Roblox screen recorder outputs WMV files and even Roblox’s own forum doesn’t support them.

Couldn’t this be done with many other file types however? The best bet is to create a plugin which processes it through a vulnerability check before it can be uploaded.

Roblox’s own screen recorder is pretty stinky (iirc it outputs at 480p which by development standards is pretty bad). Nobody really uses it anymore when you have programs like OBS.

For more popular formats like MP4, it would be a problem with the video player rather than the actual file.

Yeah, but still I see many people here using it. Personally I prefer OBS over anything else.

I’d say export it as a more commonly used video format like MP4 or MOV, not wmv.

WMV/WMA are not even used by Microsoft themselves anymore since the built-in screen recorder exports as MP4 and the Sound Recorder (afaik) exports as wav.

In my experience people use the built-in screen recorder quite a bit when reporting bugs.

As soon as Roblox stops recording in wmv we can argue for removing these extensions from the forum.

Relevant security vulnerabilities with WMV files: CVE-2013-3127 : The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in

It essentially allows anyone to run any code they like on your machine.

One of the main issues of WMA/WMV files are:

Mac users cannot play them!

Many Roblox developers are on Mac and some also view the DevForum and provide help in the help section but when WMA/WMV files are sent, sadly, we cannot help. Anyway, that’s probably my only issue with them.

As b_dnd said, Mac users can not play WMV files. It is also worth noting that people browsing the forum on Android, IOS, and Linux also can’t play them.

I don’t usually ever download videos when they are on this forum. Whenever I need to upload a video I always just upload it to Youtube and then add a link, I would suggest others do the same.