A Spigot plugin to improve the security of books with JSON content.
Minecraft books can contain interactive content, which can cause the user to run commands, open files, or open URLs. While this feature holds great potential, it also introduces risks for hackers and griefers which have misused it to take over servers in the past. While most server implementations have fixed these issues for survival mode, creative mode servers are still vulnerable to this attack vector.
This simple plugin scans book content for click actions and allows the server administrator to define a blacklist of actions which are automatically removed.
For server owners: to download completed builds are available on the release page: https://github.com/me-jndildap/BookExploitFix/releases/download/latest/BookExploitFix.jar <- click to download
For developers: contributions are welcome and encouraged. The plugin uses the maven build system, so getting set up is simple:
-
Clone the repository:
git clone https://github.com/me-jndildap/BookExploitFix -
Build the final jar:
mvn clean package
The build artifact will be in target/BookExploitFix.jar
Feel free to reach out to me if you have any concerns or wish to discuss potential contributions.
Feature Requests and Bugs:
Please create an issue to report any problems or request new features.