Please remember this category is for features inside the latest pre-release only. To make a new suggestion for Java (like a block or gameplay suggestion), please use the appropriate category for your suggestion.

← Minecraft: Java Edition Snapshots
90
Follow

Command Confirmation Screen should be removed, limited, or disableable.

The confirmation should either be removed, limited to only specific problematic instances, and/or have a setting to disable it.

The command execution confirmation screen makes existing datapacks and similar features more clunky while doing next to nothing to protect users. There is almost no instance in which a malicious command can be prevented by this screen as the screen must first be triggered by the server or a prior command (by /tellraw, giving a book with on_click elements, or /dialog) which means you cannot "trick" a player into doing something that can't be done without going through the screen. With my current understanding, having taken cyber security courses and running my own Minecraft server, I cannot devise a method wherein this could prevent or warn of malicious command execution. In the case of accidentally clicks or command mistakes, this menu will generally either be ignored, used only for testing purposes while putting a system together, fail to be useful because the user already doesn't know that the command it displays is broken, or should have a more descriptive custom confirmation dialog created by the person who wrote the dialog instead. This also gives a stronger preference to servers with plugins because they can respond to the "custom" on_click action.

Avatar
Registered User shared this idea

13 Comments

Please sign in to leave a comment.

Date Votes
Sorted by oldest
  • 9
    Registered User commented
    Comment actions Permalink

    Yes, because it's too ennoying

  • 14
    Registered User commented
    Comment actions Permalink

    These actions are also almost always accompanied with a datapack which

    1. the player themselves installed, basically modding the game and requiring direct server access

    2. can easily hide malicious commands within a function named whatever they want

    3. can circumnavigate the whole point of the warning by using a custom trigger detected by the datapack to execute whatever is desired

    All this succeeds in doing is hampering actual and earnest pack devs and players with a useless warning and no way of turning it off, at the very least please give us a checkbox or option to "Never show this again" for the warning for that world, namespace, or minecraft instance. 

  • 10
    Registered User commented
    Comment actions Permalink

    It's into June and I've been working on a written-book project with commands specifically designed to aid in larger creative projects, for several months now.  WHY are these warnings only showing up now and YES PLEASE, include some kind of option for us datapack makers to bypass it.

  • 6
    Registered User commented
    Comment actions Permalink

    YES! This is actually annoying af.

  • 7
    Registered User commented
    Comment actions Permalink

    YES. This prompt does not help at all and is just super annoying. /trigger is also annoying to set up and has severe problems. This should definitely be removed. Again, just like the chat censoring, this is not a "problem" YOU should mess with.

  • 8
    Registered User commented
    Comment actions Permalink

    If the pop up only occurred for commands of permission level 3 and above (/kick, /ban, /op, /whitelist, etc.), this would actually make sense, since a level 2 op could hypothetically trick a level 3+ op into running a nefarious click event (level 2 has the means to create a click event with commands above their permission, 3+ has the means to run it). It makes little sense for typical level 2 commands.

  • 7
    Registered User commented
    Comment actions Permalink

    Please give me a toggle for this. It's MY datapack on MY world that I HAVE WRITTEN. I do not need this prompt showing up every time I want to run a command that changes me to creative mode.

  • 8
    Registered User commented
    Comment actions Permalink

    PLEASE REMOVE THIS ITS BREAKING MY MAPS

  • 7
    Registered User commented
    Comment actions Permalink

    Since the introduction of the confirmation screen, it often does more harm than good — especially on servers or in adventure maps. It severely disrupts the gameplay experience and can even render some worlds unplayable. The confirmation message shows the entire command being executed, which may reveal sensitive or hidden technical functions to players who should not have access to them. These commands may fall under the intellectual property of the map creators. This opens the door to misuse and could even lead to unauthorized copying or exploitation.

    I therefore urgently request that an option (e.g. a gamerule or setting) be added that allows administrators to disable or limit this confirmation screen where appropriate.

  • 6
    Registered User commented
    Comment actions Permalink

    If an operator could create a supposedly harmful click event, then they have every means to just run a harmful command themselves. I really don't see how this prevents misuse. Ultimately, the problem lies on server administrators to manage their servers properly and for operators to use their power appropriately.

  • 5
    Registered User commented
    Comment actions Permalink

    Pls remove this

  • 1
    Registered User commented
    Comment actions Permalink

    I really understand the dangerous part about it. Someone could download a datapack which pretents to be a useful dialog based utility addition but then runs something like "/kill @e" or "/stop" in the background potentially breaking a lot of stuff in a world or maybe even a public server but wouldn't it be nice to add something like "/datapack trust [datapack-name]" so the operating users can decide themselves to disable additional security features for a specific datapack?

    For run_command in the chat, inside books and any other text component this could be determined by a setting in the users Minecraft settings.

  • 0
    Registered User commented
    Comment actions Permalink

    This is actually very annoying. As a passionate maker of story-driven adventure maps, this literally KILLED my drive for it. I have had more than 300 lines of dialogue written in 3 languages using the Tellraw command in command blocks (I know of the trigger command, but it is more difficult to use, and when there is so much dialogue, it takes a very long time to implement), and have a "skip" or "forward" button at each dilogue line for the player to take their time to read and advance as they need. This destroys the immersion and the frictionless design of my Minecraft maps - I try to make them as easy and hassle-free to set up and play as possible. I'd really appreciate a sort of toggle for this, preferably in the form of a gamerule.