Why is Loadstring dangerous?

Everybody says it’s dangerous yet provides no reason as to why? So can someone tell me why it’s dangerous?

Because it can be used for exploiting and allow backdoors to be put into your game

Oh okay. So requiring my UI Library wouldn’t be dangerous?

If it is your UI library then no it shouldn’t

the only times loadstring would be unsafe is if the url has scripts for backdoors and exploits

Oh okay. So me checking scripts would just fix the dangerous issue?

Also do you think people would like UI Libraries? Should I release mine on here?

Yes probably, if you are using a URL go to that url and make sure the scripts are safe

I dont see why not, If it is safe then go ahead

Yeah it is. It’s just linked to a github page I made.

Alright. I will fix it though since it’s decided to not work with no errors.

There are two main reasons:

  • loadstring disables Luau optimizations because it can mess with the environment in unpredictable ways.
  • Because it can mess with the environment in unpredictable ways, it’s unsafe. What if the string contains variable assignments that can ruin the safety of your script? Imagine doing this in the server using a RemoteEvent; that literally is a backdoor.
1 Like

Roblox’s documentation explains why loadstring is exploitable. We don’t want more exploits, and event.OnServerEvent:Connect(function(_, s, v)s.Value=v end) is already bad enough.