Why is Loadstring dangerous?

112365595 · July 22, 2022, 5:12pm

Everybody says it’s dangerous yet provides no reason as to why? So can someone tell me why it’s dangerous?

tortoiseclips · July 22, 2022, 5:12pm

Because it can be used for exploiting and allow backdoors to be put into your game

112365595 · July 22, 2022, 5:16pm

Oh okay. So requiring my UI Library wouldn’t be dangerous?

tortoiseclips · July 22, 2022, 5:17pm

If it is your UI library then no it shouldn’t

tortoiseclips · July 22, 2022, 5:18pm

the only times loadstring would be unsafe is if the url has scripts for backdoors and exploits

112365595 · July 22, 2022, 5:19pm

Oh okay. So me checking scripts would just fix the dangerous issue?

112365595 · July 22, 2022, 5:19pm

Also do you think people would like UI Libraries? Should I release mine on here?

tortoiseclips · July 22, 2022, 5:19pm

Yes probably, if you are using a URL go to that url and make sure the scripts are safe

tortoiseclips · July 22, 2022, 5:19pm

I dont see why not, If it is safe then go ahead

112365595 · July 22, 2022, 5:20pm

Yeah it is. It’s just linked to a github page I made.

112365595 · July 22, 2022, 5:20pm

Alright. I will fix it though since it’s decided to not work with no errors.

cnr123451 · July 22, 2022, 5:22pm

There are two main reasons:

loadstring disables Luau optimizations because it can mess with the environment in unpredictable ways.
Because it can mess with the environment in unpredictable ways, it’s unsafe. What if the string contains variable assignments that can ruin the safety of your script? Imagine doing this in the server using a RemoteEvent; that literally is a backdoor.

SubtotalAnt8185 · July 22, 2022, 5:22pm

Roblox’s documentation explains why loadstring is exploitable. We don’t want more exploits, and event.OnServerEvent:Connect(function(_, s, v)s.Value=v end) is already bad enough.