The weaknesses and problems with loadstring

What are the weaknesses of loadstring? I ask because my map system runs code from a string value.

I had a warning that loadstring can be exploited, but my map system gets the string from a certain string value and runs the string as code.

Just don’t use loadstring at all. I would avoid it at all costs. Can’t you import the code, or is it just built into that string value?
Here is a pretty helpful reply and check out the full post too:

EDIT: I don’t mean like avoid at ALL costs, if you really need it go for it. It can be used to playtest and run servers like ykyk. But here’s the thing, you should only run LoadString() on the Server as that’s trusted more than the client.

1 Like

Maybe that is an alternative: just import the code from a disabled script rather than running code from a string value.

But what are the problems and weaknesses of “loadstring” though?

How many of those Lua functions are there?

1 Like
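The alternative suggested in the reply above, sketched as an added example that is not part of the thread or any poster's code: the string value only names a map, and the server looks that name up among ModuleScripts that already ship with the place instead of passing the string to loadstring. The instance names `MapScripts` and `SelectedMap` and the `Load` function are assumptions made for this illustration.

```lua
-- Server Script (ServerScriptService). Added example; the instance names
-- MapScripts, SelectedMap and the Load function are assumptions.
local ServerStorage = game:GetService("ServerStorage")

local mapScripts = ServerStorage:WaitForChild("MapScripts")   -- Folder of ModuleScripts
local selectedMap = ServerStorage:WaitForChild("SelectedMap") -- StringValue holding a map NAME

-- Pattern from the question: whoever can write the StringValue decides
-- what code the server executes.
--   local fn = loadstring(selectedMap.Value)
--   fn()

local function loadMap(mapName)
	-- Treat the string as data: it may only select a module that already exists.
	if type(mapName) ~= "string" or #mapName == 0 or #mapName > 64 then
		return false, "invalid map name"
	end
	local module = mapScripts:FindFirstChild(mapName)
	if not module or not module:IsA("ModuleScript") then
		return false, "unknown map: " .. mapName
	end
	-- require runs code that shipped with the place, not text built at run time.
	local ok, map = pcall(require, module)
	if not ok then
		return false, "map module errored: " .. tostring(map)
	end
	if type(map) ~= "table" or type(map.Load) ~= "function" then
		return false, "map module has no Load function"
	end
	local ran, err = pcall(map.Load)
	if not ran then
		return false, "Load failed: " .. tostring(err)
	end
	return true
end

local function onSelectionChanged(value)
	local ok, reason = loadMap(value)
	if not ok then
		warn("[maps] rejected selection: " .. reason)
	end
end

-- Changed on a StringValue passes the new value to the handler.
selectedMap.Changed:Connect(onSelectionChanged)
onSelectionChanged(selectedMap.Value)
```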

I’m not the one to answer that, but here is another helpful page for this about bad practices:
https://devforum.roblox.com/t/what-are-your-roblox-specific-code-smells/427709/10

This is also a funny one:

You get the idea, usually these functions will be very rarely seen. I mean, not even I am familiar with these functions; like, idk what Getfenv() does or what string.reverse() is. A lot of these have to do with degraded performance in scripting and exploiting using executors externally.

Thanks