What triggers the Plugin Script Injection Permission?

WinnersTakesAll · April 11, 2023, 11:08pm

How would I disable script injection or find what triggers the permission?

So I own a plugin called Signs. I just recently checked on my plugin and noticed it needed script injection permissions.

Here is the same plugin with an almost exact codebase but now it doesn’t need permissions.:

Solutions I tried is to look through all code to see if it uses Instance.new() to create any form of script class whatsoever. Disabling script injection doesn’t break any functionality of my plugin and works find. I also read this post about the permissions still couldn’t find much information on diagnosing where the script injection is needed.

What triggers the script injection permission?

My plugin is completely open source so you can browse the entire codebase here:

I don’t want users to think my plugin is malicious by asking them to inject script so it is a big problem for me.

metatablecatmaid · April 11, 2023, 11:57pm

The permission is triggered when a Script object is parented to a descendant of the DataModel (placing a script in the game)

Check you haven’t got some rogue code hiding in your plugin thats inserting scripts if you dont expect it to

WinnersTakesAll · April 12, 2023, 12:45am

I’ve already checked for anything with the keyword of script and anything setting parents. Only closest thing I have so far is local plugin = script.Parent but I highly doubt.

weakroblox35 · April 12, 2023, 1:16am

look for Instance.new("Script") or Instance.new("LocalScript")

WinnersTakesAll · April 12, 2023, 3:49am

I’ve checked again and I don’t see any use of Instance.new.

TerminusEstKuldin · May 30, 2024, 12:12am

I know this post is a year old, but I found out that if you clone an object that has a script inside, that will trigger the script injection warning.