What is this sorcery?

loleris · February 13, 2017, 11:03am

I remember “/sc” having some weird functionalities before, even involving a client crash with a specific argument. Apparently people are exploiting /sc for guest chat now. The input bar is the Roblox default while the chat log is custom.

Also, what would be really handy if I could disallow guests completely from my game, but last time I asked I think it was against the Roblox policy.

Darkmist101 · February 13, 2017, 12:48pm

Locally it tells me I need to create an account, so unless it somehow gets through to the server I was unable to reproduce it. This was with all default chat, you sure it’s not you at all?

Also, I’ve never seen Roblox take action against games that don’t let people play under a certain age (guests included), that’s not to say they will decide they will at some point (A game with >2k was/is happily doing this).

J_J · February 13, 2017, 12:50pm

The issue with disallowing guests was they are potential customers. At least I think that was the logic last time it was brought up. Why would you bar someone that might give you money?

Darkmist101 · February 13, 2017, 12:53pm

Whenever I see that I know the developer(s) can’t deal with exploiters in any way/shape/form, so they do this so a person must have a stockpile of accounts to do damage (even though you lose >95% of real players).

I think it’s also a poor experience and should be moderated.

einsteinK · February 13, 2017, 2:13pm

I know the new chat system contains a “plugin” to disable guests from talking, but I forgot whether it’s activated by default and whether it’s client-only. If it’s just on the client, an exploiter could just easily disable that check. (but I have a faint memory it was serverside, but don’t quote me on that)

EDIT: Enabled by default, but indeed clientside:
Core-Scripts/CoreScriptsRoot/Modules/Server/ClientChat/DefaultClientChatModules/CommandModules/SwallowGuestChat.lua at master · Roblox/Core-Scripts · GitHub
Can’t find anything related to /sc as that’s quiiite an old thing…

TheGamer101 · February 13, 2017, 5:35pm

We actually check this on the server as well. The client just checks it so it can sink the message early and provide a message to the user without the need for communicating with the server. The server check is used in case someone directly fires a remote event.

github.com

ROBLOX/Core-Scripts/blob/master/CoreScriptsRoot/Modules/Server/ServerChat/DefaultChatModules/ChatMessageValidator.lua#L24


      
          
          
local DISALLOWED_WHITESPACE = {"\n", "\r", "\t", "\v", "\f"}
          
          
if ChatSettings.DisallowedWhiteSpace then
          	DISALLOWED_WHITESPACE = ChatSettings.DisallowedWhiteSpace
          end
          
          
local function Run(ChatService)
          
          
	local function CanUserChat(playerObj)
          		if RunService:IsStudio() then
          			return true
          		end
          		local success, canChat = pcall(function()
          			return Chat:CanUserChatAsync(playerObj.UserId)
          		end)
          		return success and canChat
          	end
          
          
	local function ValidateChatFunction(speakerName, message, channel)
          		local speakerObj = ChatService:GetSpeaker(speakerName)

einsteinK · February 14, 2017, 9:44am

In that case, it seems weird there’s a module for it on the client, as that kind of indicates that it’s optional (e.g. you can remove it, while there’s a comment in the module that’s like “you can remove this, but preferably not” so eh)

Can an exploiter use Players:Chat() freely?