Skip to content

Fix auto-link, indenting, and improve code #1258

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Sep 29, 2025
Merged

Fix auto-link, indenting, and improve code #1258

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6c0f3da
Fix hyperlinks, indenting, and improve code
Katrist Sep 27, 2025
8950fc3
Merge branch 'main' into Fix_hyperlink_indenting
IgnisRBX Sep 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 10 additions & 6 deletions content/en-us/scripting/security/security-tactics.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,18 +199,20 @@ An exploiter can send NaN (Not a Number) as an argument. NaN is uniquely dangero
local function onCreateTradeOffer(player, offeredGold)
-- 1. TYPE CHECK: This passes! typeof(NaN) is "number".
if typeof(offeredGold) ~= "number" then
return "Invalid offer"
return "Invalid offer"
end

-- 2. RANGE CHECK: This is bypassed!
-- (NaN < 0) is false. (NaN > 1000000) is also false. The check does nothing.
if offeredGold < 0 or offeredGold > 1000000 then
return "Offer out of range"
return "Offer out of range"
end

-- 3. INVENTORY CHECK: This is bypassed!
-- (NaN > player.Gold.Value) is false.
if offeredGold > player.Gold.Value then return "Not enough gold" end
if offeredGold > player.Gold.Value then
return "Not enough gold"
end

-- VULNERABILITY: A fraudulent trade offer with NaN gold is created!
createTrade(player, {gold = offeredGold})
Expand Down Expand Up @@ -467,11 +469,13 @@ castLightningEvent.OnServerEvent:Connect(function(player, strikePosition)
end

-- 5. Example Range validation
if not player.Character or not player.Character:FindFirstChild("HumanoidRootPart") then
local character = player.Character
local humanoidRootPart = character and character:FindFirstChild("HumanoidRootPart")
if not humanoidRootPart then
return
end

local distance = (player.Character.HumanoidRootPart.Position - strikePosition).Magnitude
local distance = (humanoidRootPart.Position - strikePosition).Magnitude
if distance > 100 then
return -- Out of range
end
Expand Down Expand Up @@ -533,7 +537,7 @@ When a client has network ownership over parts (including their character), they

**Physics manipulation**

- Control the position and rotation of any unanchored parts or mechanisms, including replicating `Inf` or `NaN` components in `Class.CFrame|CFrames`.
- Control the position and rotation of any unanchored parts or mechanisms, including replicating `Inf` or `NaN` components in `Datatype.CFrame|CFrames`.
Set part velocities to extreme values (including `Inf` or `NaN`), which can interfere with the physics of other unanchored parts/assemblies, even those that are not owned by the exploiter.
This is often used to fling other player characters and nearby parts.
Manipulate the firing of Touched events, including not firing Touched at all.
Expand Down