Are you allowed to have a text box in which you put a pastebin link or pastebin ID so you can make an "Add On" To Your Game?

So I was wondering if you could like to have a text box in your game, in which you put a Pastebin ID or link which has a JSON encoded Lua Table. I ask this because It would be A nice way to have custom add-ons to your game. One scenario would your making a building game with models etc, but you want to have players have the ability to add their own models(example: tree). So you create a text box where you put a Pastebin id or link, send an HTTP request to the raw version of the link, get the JSON Encoded Lua Table, Turn It into a Lua Table, And Build From there. This way you could just share a link / Pastebin Id (not dev Id) and then put the id/link in, to add the add-on. Now any text would be filtered, and you cant visit another person’s build and see the add-on items, although it could just make a pop-up and ask if you want to add the add-on.
If you want to see example code, here:
JSON Form
https://pastebin.com/raw/XnzfuQUs

Lua Form
https://pastebin.com/raw/6xnRCLK0

My Main Question Is: Is This Against The Terms And Services?

I ask this because putting a link in any game is not allowed, but what if it was the other way around(player puts a link in), or it’s just an id, not necessarily a link

Example Pictures :

poorly made UI

2 Likes

It should be fine so long as you don’t put any links in and any links a player puts in are not shared to anyone else. An even safer way is to use just the code at the end rather than the full link, and you could probably get away with sharing the code that way since it is not a link.

1 Like

Wouldn’t it just be easier to allow them to import approved items through IDs or whatever? You’d probably have to screen the models for scripts though to be safe, I’d also be a little wary of allowing players to import whatever meshes/decals they want because obviously stuff does get bypassed.

I wouldn’t implement this system at all personally, just too risky, I’d just have pre-approved models that I’d already screened be available for usage.

1 Like

If you do it through pastebin via a serialization, they can’t contain malicious code

1 Like

But wouldn’t it still just be an obfuscated ID for a Roblox model? Wouldn’t the meshes/models still have to pass moderation?

1 Like

Oh, he’s not seeializing. So yes, potential for inserted scripts. Hopefully he’s accounted for that.

2 Likes

for scripts? no nono, there won’t be any of that, What my plan is or would be is that it would, like I said Decode the JSON Table, and then look for specific keys, so It doesn’t necessarily have too much control, I’m not going to have it act like an OOP add on, I would look for specific keys in a dictionary, get their value, etc, for mesh, texture id, what it would be named. although, any text would be filtered. Hopefully, you see what I meant now, in the Pastebin links I included there is how I would format it, the Lua version, not the JSON

it should probably be fine, as long as it doesnt contain malicious code