The script injection permission is stored in a new permissions database that remembers your plugin preference even if you uninstall a plugin, so you will only ever be shown the dialog once per plugin. Your choice can be changed from the Plugin Management dialog (accessible on the top left corner of the Plugins tab in the ribbon).
5 Likes
All this is cool, but what happened to the developer product things?
It’s showing error whenever someone trys to buy it.
Fix it please.
This seems to broke some plugins because when they create scripts they are interrupted, I have to reload Roblox Studio after allow permissions to manage scripts.
But anyways it’s a great update!
Are we likely to see similar security settings for applications that execute at runtime, or plugins which insert scripts that then execute at runtime, such as admin commands?
Developers would pre-specify the services their application requires, then when a user inserts this application (such as a model, MainModule, etc) into their place, they are prompted with a similar message informing which restricted services the application would like to use.
This would help combat malicious models which is another large vector of attack, while giving legitimate applications the settings to function fully.
It’s awesome to see these security settings for plugins. A similar approach for runtime applications would be much welcomed too!
7 Likes
I think this is a good feature but I use server defender which tends to detect malicious plugins. Here is a link to it for people who have plugins that need to insert scripts into your game in order to function: Server Defender | OFFICIAL PLUGIN - Roblox
Edit: I would recommend enabling the new plugin. If server defender detects anything, use the new ROBLOX plugin script injection disabling feature, delete the plugin, then run a server defender scan, if nothing is detected I would still use the ROBLOX find tool to look in each script and see if you find anything fishy.
What if roblox staff added this update but doesnt allow kids to copy it such as copying code and make it with copies plugin? that would be very good update.
It would be a great update, though I think it would be semi-useless for anything except seeing how it was made.
But even then, you wouldn’t need to copy/paste to copy plugin code 
1 Like
Long-term would it be possible to have both this message and the one for HTTP requests have some text attached to indicate why the plugin needs to do that? I have a plugin that makes both makes a request to GitHub and inserts scripts, so it would be nice to be able to explain myself instead of have it popup with no context.
3 Likes
The logical fallacy is that not everybody who uses Studio is a professional.
Wow, finally something against Virus plugins, thanks. This will really helps a lot. Now, the next step would to do something against plugintheft and plugin harassement, because this 2 problems (alongside with many others) are a serious problem. But, everthing has his time, and I am sure you from the Robloxstaff already have this in your To-Do list (I hope this…). This is a step in the right direction!
I would agree, however all serious developers who have been using the software long enough to be into plugins outside of F3X tend to have a level of competency that I would associate with being able to get past cheap tricks like that.
I like the idea of this but I got really confused when @TwentyTwoPilots’s road accessories started asking for script injection after working properly for years with no warning.
All in all though, This makes the community safer. Keep up the good work!
Could also be expanded to do what app store apps do, where it lists what kind of permissions it needs.
1 Like
I really like this because it makes plugins a lot more safer than before. Checking to see if they can access scripts is good on your part Roblox 
This is great!
Considering that there’s possibly thousands of virus plugins, we really needed this.
Hopefully there’s gonna be more functions that’ll combat malicious plugins going forward.
I love this. When I was starting developing, I got a random plugin that infected every place that I opened. It was impossible to get rid of. I have high expectations for this to help others for what I have gone through.
I could see alot of optimization plugins being made from this change. I like it
This is amazing it prevents game infections. Thanks for adding this i’ve been waiting to see this.
Yes, I love this. My game got infected when I was new with building and scripting. I have high hopes for this.
1 Like
This is a good idea, but needs more specific information about what plugins are accessing.
Two of my plugins got flagged as script injection with the message “Plugin [Plugin Name] is attempting to insert or modify scripts in your game”, when the only scripts that were being modified were the plugin scripts themselves, storing and retrieving data from storage modules.
I have a similar experience as Nightrains with plugins breaking after being interrupted by the message.
It’s a good step forward, but more context is needed to inform users on whether their installed plugins are safe or not.
1 Like