4

We should be able to access some of it so that we can edit the placement of each GUI object inside of CoreGui. So, other than security reasons, why are we not allowed to edit placement of GUI objects?

Also, why can't trusted users use CoreScripts? What if they need to access HttpGet so they can provide a nice display showing where their best friend is at the current time and place? SocialService won't always do the trick.

Can a developer (or any other experienced Roblox player, particularly one that knows the UI in and out) please answer these questions to the best of his/her ability?

blocco
  • 163
  • 9
  • I agree with pighead10 the Mods don't want the game to be confusing to the new players. If players could access the CoreGUI then new players could accidentally delete the exit button or the help button. Hope this helped a little more! – bodesjr Nov 22 '10 at 20:35

2 Answers2

2

I asked this in the OBC cast, specifically about editing the UI inside CoreGui. I'm not sure what security reasons could be preventing this, however. They did reply - the answer was, "Well, we definitely don't want you moving the little help icon, or the exit button."

I got the feeling the general reason is because users would become confused if everything was misplaced. For example, if you went into a website where you could play several games all made by that company (like ROBLOX), would you expect the exit or help buttons to me placed differently in every game?

They did say we will be able to change the colours.

Hope this clears things up.

pighead10
  • 4,155
  • 10
  • 34
  • 52
  • That is a good answer, but I was hoping for an answer from the ROblox devs (like Telamon). :D Good answer, though. I want Telamon's opinion. – blocco Nov 22 '10 at 20:14
1

Some GUI objects like the report abuse button we don't want users to have the ability to be able to remove. Another sensitive area is the chat window. If it was completely scriptable, you could write a script to make it look like another user was saying something that he wasn't. This is not really desirable.

HttpGet is currently a privileged function for two main reasons:

  1. It would allow users to get dynamic content into levels, which would make moderation a more difficult task.
  2. Poorly or maliciously written scripts could HttpGet roblox.com in an infinite loop, sapping our server resources.

There was no obvious benefit, but some obvious downsides. We prefer to solve only the problems that need to be solved in order to ship features, so we err on the side of caution for things like this. If we later decide to open up new functionality, like making the ROBLOX social graph available through an API, we can do that with a dedicated interface that limits the number of requests you can make to the website in a given period, and only return the info that we are sure we want you to be able to get.

It's interesting to note that for a very long time Adobe Flash player didn't support TCP sockets for the same reason.

John Shedletsky
  • 7,110
  • 12
  • 38
  • 63
  • Thank you for the answer. So there is no way that users can use CoreScripts unless they work at Roblox (or are able to upload a Lua-type asset?) – blocco Nov 24 '10 at 02:29