Improve Safe MiniMessage Parser Control#8533
Merged
sovdeeth merged 4 commits intodev/featurefrom Apr 12, 2026
Merged
Conversation
APickledWalrus
requested review from
cheeezburga and
erenkarakal
and removed request for
a team
UnderscoreTud
approved these changes
Apr 10, 2026
| public LinkParseMode linkParseMode() { | ||
| return linkParseMode; | ||
| } | ||
| private TagResolver createSkriptTagResolver(boolean isSafeMode) { |
Member
There was a problem hiding this comment.
Could benefit from having a create safe and unsafe methods :)
Member
Author
There was a problem hiding this comment.
That's the internal one so I figured it'd be okay
sovdeeth
approved these changes
Apr 12, 2026
github-project-automation
bot
moved this from In Review
to Awaiting Merge
in 2.15 Releases
skriptlang-automation
bot
added
the
feature-ready
github-project-automation
bot
moved this from Awaiting Merge
to Done - Awaiting Release
in 2.15 Releases
skriptlang-automation
bot
added
completed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
While we have defined a set of MiniMessage tags we believe are best to parse automatically, some users may want more control over what is automatically parsed.
Solution
I have added a configuration option for controlling which tags are parsed by default. These can be supplied as specific tag names or the internal group used in MiniMessage (specifically, the name of the tag resolver in the StandardTags class). I have also done some reorganizing of the component parser class.
Safe Tag Changes
The primary intention (even before MiniMessage integration) was to prevent security issues from normal users sending messages with click events (e.g. to run malicious commands). That is, a common use case is something like:
Ideally, this should only process safe formatting and not potentially dangerous formatting like click events. I'm not sure this worked super well on current versions (e.g. 2.14.3), but going forward, we'll establish that only some Style-related tags (colors, decorations) will be processed by default. These are the default tags listed in the configuration file.
Testing Completed
I added a small unit test covering some parts of the component parser.
Supporting Information
n/a
Completes: none
Related: none
AI assistance: none