You can create ur own vm and compiler
This feature has nothing to do with exploits
I mean it works, but is always terrible in terms of performance. I would love if loadstring was possible on client because a game im working on is gonna have native modding apis & in some cases i need it to be as fast as regular roblox bytecode.
I dont think we need a compiler on the client. All thats needed is for the server to compile the bytecode instead and send that to client. This would also allow for CRAZY anticheat solutions.
This announcement is quite a reminder of how much I haven’t kept up with Roblox announcements for a while… My entire thought reading this was “wait, they’re doing this after all the loadstring fiascos back in like 2011? When did they change they re-enable it and/or introduce a new system for arbitrary code execution such that they’d even have a use case for this?”
It sounds cool, I guess, but not something I’d personally have any use case for.
This is a W update I can’t wait to fully grasp it’s use-case
spamming notifications now eh
I’m not saying it does, I’m pointing out, to the people who are saying it might put an end to exploits, how it won’t actually affect anything.
Experiences such as Build Island would greatly benefit from users being able to import their creations into the experience out of Roblox Studio, but this capability has been heavily restricted due to security concerns.
Now that we are getting fine-grain control over script permissions, when can we expect to see a relaxation of InsertService restrictions?
actually amazing feature
if only we could do this but for game client features as like a select to disable
The server compiles LocalScript
source, so, this isn’t really relevant to what I’m asking for which is just a way to programmatically build new scripts on the server.
I’m feel secure and I’m very excited with this. I’m also glad roblox devs are doing this right now slight_smile:
so meaning this one
… can able not to run from the part of a Script with “require” function NICE!
First off this is great!!
Second, I have a suggestion:
For more fine-grained control, could you guys add restrictions on access to specific APIs and specific Instances? (Like add a property that is a table of instances that will be whitelisted/blacklisted that includes each instances’ descendants)
I have a game that lets players load their own models and currently I have to check each model with a backend before it gets loaded (when the Ban API came out someone went and banned everyone in the group, so I had to do that). If there were a way to restrict access to the Ban API and other things (for example, I would only want that model to be able to modify its descendants, but it should also be able to manipulate player GUIs, etc)
Not sure if I was clear with this but great feature overall!!!
^ this. I would prefer allowing for a fine grain control. I would like to have scripters to have freedom messing around with the game including stuff outside of the sandbox but rather restrict certain apis such as the ban api in particular. The majority of issues with loading scripts is that backdoor access to apis regarding kicking, banning, and scripts that use apis to get backdoor access to all servers… This only thing needed for this to be 100% helpful is full api control and once thats implemented it would help everyone.
I was messing around with the sandbox and I noticed that it’s impossible to create Sound instances. Is this intentional? I would expect this to be possible with the Audio group, or at least the Basic group. Is there a reason for this?
While we will try to keep it stable as possible during the Beta, there is still a chance for breaking changes until it’s finalized.
For now, it can be treated as opaque in binary serialization.
We have plans to make the property publicly scriptable in the future, currently that API is for built-in Studio plugins only.
We will look into adding it for ModuleScript. You can still put them under a Folder and the intent was that it will be configured for groups of things and not often individually. Problematic if the root is a ModuleScript of course.
We will look into providing access to ReplicatedStorage
and other services that are essentially ‘folders’ under AccessOutsideWrite
.
We do have plans for an API to run a function under a custom timeout, but it’s only in early design stage with problems on how to handle functions using task
library methods that have to be solved.
There are other exhaustible shared resources we are considering and there will probably will remain a way to escape a resource limit, our aim is to prevent unrecoverable data changes from being made.
We have something for this use case planned and will share details later.
New Audio APIs are available using the Audio capability.
Unfortunately, capability for legacy sound APIs was added a bit late for the current release and will come in an update.