Yeah, BUT I DON’T KNOW HOW TO DO THATTTTTTTTTT. Please tell me.
I don’t know if I should filter the code, because complicated scripts will be tagged with or without bad words, I don’t think there is a work around to that. I could filter the output box, actually that might work.
1 Like
thats what i meant, people cant see scripts
1 Like
Can you only filter text on the client? Or can you do it on the server?
fi you know how to do this, be my guest Text and Chat Filtering (roblox.com) otherwise, youtube
1 Like
This is the hazard of an unsecured Lua console (and in turn any console that can modify the environment at large). You must filter out any commands that intentionally alter/tamper with the intended function of the console or it’s required components (E.G. User Interface).
This is a security vulnerability for the creator’s* project (and similar ones) that come with the ability to modify parents and children in a hierarchy. You can potentially blacklist certain elements from being destroyed or remove the keywords from your Lua Interpreter that cause this vulnerability. It’s something I think will take time to learn about and iron out, but it is just a side effect of these hobbyist projects.
The best way I believe to deal with it is to blacklist certain objects from being destroyed by running a check before executing the object destroy command which determines if the object is a part of the Lua console itself (UI, Script or other elements such as folders), though I do not know for sure how you are interpreting Lua commands in this regard or if it’s an entirely custom Lua-based derivative.
1 Like
I heard that there was a simple way to blacklist the use of require, or any other dangerous commands using fenv functions, but I can’t remember how to do that, if you know how to do that, that would be great!
I upped the security a little bit more today, by blacklisting more commands, another thing I’m looking into is filtering the output, which I am having a little trouble with, so once I get everything working, I’ll fully release it.
1 Like
This is literally why free admin games exist, messing stuff up is fun, as long as you dont get your account banned(filtering), and you cant take away other people’s permission to mess stuff up, you should be able to do pretty much everything else
Messing up stuff is fun… when you aren’t the one having to repair the broken stuff.
No one likes breaking their own things because they’ll have to repair the broken items one by one.
thats why private servers are free
You can use setfenv to change a function’s environment.
To explain this, I made a small script:
--!strict
function doBadThings()
for i, v in ipairs(workspace:GetDescendants()) do
v:Destroy()
end
end
-- The environment is all the variables you have access to,
-- like `game` and `ipairs` etc
local newEnvironment = {
["ipairs"] = ipairs,
["print"] = print
}
-- Force our function to use the new environment
setfenv(doBadThings, newEnvironment)
-- The following will raise an error because
-- there is no game in our environment
doBadThings()
Because loadstring returns a function, you can use setfenv on it. Note that setfenv and getfenv disables all luau optimizations.
1 Like