Script Source Changing

How to change script source via server? I’m trying to create a custom source editor for my game, which is a command prompt kinda thing; can do anything and the “brains” of the command prompt will block the request if you try to edit or change an important thing. I seen that scripts and local scripts cant change script sources, so I tried a module script upto no avail. Why?

1 Like

The source property of scripts can not be accessed by other scripts. Only by plugins and through the command bar.

Try using loadstring instead.

1 Like

May you please elaborate more? What does loadstring do?

1 Like

Only plugins and the command bar can read/write Source. You won’t be able to use the Source at runtime. loadstring like suggested is your best bet.

3 Likes

loadstring executes a given string of valid Lua code.

loadstring("print(1)")()
2 Likes

Well, it converts a string into a function, which you can later run, if we get more specific.

1 Like

Yes, that is why the last pair of parentheses are there.

2 Likes

So, that’s how most script builders were build, right? I think that loadstring is terrible in most/some cases, due to exploiters. However, fear not since It’s only for fun in a single game. I want to test my scripting skills first, then I could publish it.

1 Like

You can’t change the source of a script from any normal script, localscript, or modulescript because it doesn’t have high enough permissions. It may work in a plugin if that is what you’re looking for. If not then like said above you could use loadstring or some other sort of sandbox. See below.

2 Likes

loadstring itself is not inherently bad, but the concept of allowing clients to run arbitrary code is dangerous. You can always sandbox scripts though.

2 Likes

I guess. You should always think in advance if you want to create an antiexploit system for your loadstring script. And yes, It’s not bad; It’s the exploiters that may come with it.

1 Like

I don’t understand what you mean in the first part, but don’t really worry about exploiters. Loadstring is not really that dangerous.

First off, it can only be used by the already existing scripts, unless an exploiter gains access. If they’ve gained access, they can probably already execute arbitrary code without needing loadstring, so it’s not really that important.

The only issue is if player input is used when executing loadstring

1 Like

This is sort of true. You can’t get the Source property since the script is compiled, the source is no longer stored with the script. You also can’t set it since that’d kinda get around loadstring (although I suppose a permissions system would allow this). But that would lead to some unexpected behaviour in reference to the script. My tool is meant to be a more secure/controllable version of loadstring (and in fact uses loadstring behind the scenes which means it requires it to be enabled).

3 Likes

Just curious - I’ve never seen your tool, but what’s it’s objective if it requires loadstring to be enabled?

1 Like

It’s meant to fire, create, destroy, basically most things that a command prompt does on your system. I want users to make things at will, have creativity and stuff.

1 Like

No, I was actually asking @Hexcede

But I’ve seen games that allow players to run any code they want.

Anyway, your game is about building then?

Building their own stuff. I wish I could be able to change source of a script the server makes.

1 Like

The main thing I’ve seen with his sandbox is allowing clients to run code but under a specific environment either to add custom stuff to it easily or give less access so that people can run things without ruining the game for others.

2 Likes

It’s meant to allow for much more control over code that’s run. There’s no way to use loadstring client side if that’s what you’re thinking about. I think the dev of the lua learning game was considering using H3x (I’m not sure what they’re using currently) but I thought that was super neat.

It probably isn’t necessary to use H3x unless you plan to run user supplied code, and even then, you really have to know what you’re doing when you hook into the sandbox because you don’t want to give them access to sensitive things such as DataStores (that’s why I include a default sandbox to remove access to instances as its a harder thing to do).

1 Like

That’s what it’s intended for… I was planning to use it in a game I’ve been working on for ages now. The goal is to allow users to modify the game and attach custom AIs to a lot of the in game objects.

2 Likes