How i truely sandbox "loadstring"?

I need to make the loadstring sandbox roblox stuff (like instances, game object and etc.) if i do normally (as showed) below it will just remove the ‘script’ object.

local fn = loadstring('print(game, Instance)') 
setfenv(fn, {}) -- game and instance will still be here
fn()

Wrap any objects the player wishes to access and only give them access to your proxy object with restrictions on what can be accessed from the original object.

You can overwrite the globals by calling getfenv(fn) and then overwriting them there. You could have a wrap function that recursively “wraps” an object by creating a new proxy object for any instance / property accessed through the original.

The sandboxing would come by not allowing specific methods or properties to be used on certain instances or under other conditions.

local fnenv = getfenv(fn)

fnenv.game = wrap(game)
fnenv.Instance = wrap(Instance)

Here is an article on wrapping.

Annoying part is you will have to manually define every global since you can’t iterate over the fenv for specific key/value pairs like game because of how they do those environment globals.

Thanks for the answer, but i want to “Blacklist” them, like make them unable to be accesed.

You could make it error if a certain method is called,


...
__index = function(self, index)
	if index == 'Kick' then
		return error('You cannot kick a player!')

		-- or if you're worried about it accessing a member that would be called kick

		if typeof(rawget(self, index)) == "function" then return function() error("hey!") end end
	end
end

Is there anyway i could make it not avaible than making it error when you index some
thing on it?

the second method i showed

thirty