Page MenuHome

Improvements to Python script autoexecution
Closed, ResolvedPublic

Description

As discussed in person several weeks ago, I would like to propose a change to the behavior of Blender when opening a file containing Python scripts (when auto execution is disabled).

Currently:

Proposed change:

Over the years the lack of a visible warning about having auto-run disabled has caused an unquantifiable amount of frustration to artists and TDs alike. I hope the issue can be addressed before the beta release.

Event Timeline

Francesco Siddi (fsiddi) triaged this task as Normal priority.

Yes, this would be a nice improvement.

In many productions I've seen the auto-run script issue be a pain.

The best solution would be to try and circumvent this entire issue so that we wouldn't even need this. The first step , which is already done, is avoiding Python for expressions, but there seems to be other issues too.

This has been an open issue since auto-run prevention was introduced (thinking about the implications at the time would have been ideal). I think that a blocking warning is the best solution. This is a losing-work situation, like quitting Blender with an unsaved file.

I would really appreciate a confirmation from @Campbell Barton (campbellbarton) or @Brecht Van Lommel (brecht) that this will be introduced before the beta.

In addition to this, some other software has the concept of trusted locations - if I open a file saved in my own trusted folder, it would auto-run scripts without prompting, otherwise it would prompt.

Did not know that!

I do think it's kind of backwards, though - I'd rather have a list of trusted paths, than a list of excluded paths.

Brecht Van Lommel (brecht) claimed this task.
Brecht Van Lommel (brecht) raised the priority of this task from Normal to Confirmed, Medium.

We can do it for the beta, I'll try to do it myself or assign it to someone else.

This is what it looks like now:

The popup is not strictly blocking at the moment, you can click outside of it to dismiss it, as this is not supported by the Blender UI code at the moment. I'm not sure if that's an issue in practice, it does appear in the center of the window where the file was opened.

Looks good! But it can get annoying rapidly and there is no help about how to prevent this.

I would add a button like "Allow Permanently", or a checkbox "Allow future scripts to execute automatically", "Allow this and future scripts to run automatically", or similar text.

If it's annoying, then it's secure, right? :)
On a more serious note, you don't want to accidentally allow execution of any future script by clicking on the wrong button. In one mockup I though of adding a text that hints where to change the setting, but that would make the message too verbose.

Having a (?) element in the interface would allow for more verbose hints, but that's for a separate topic.

If it's annoying and there is no solution then it's a poor user experience where you have to google for a solution online. The UI should hint how to solve it or allow to prevent this in the future.

A verbose message doesn't work, people don't like to read.

A checkbox on the other hand (off by default), that allows to save the user preference should be added. This kind of widgets are pretty common, usually a checkbox with the label "Don't show this dialog anymore" or similar, which wouldn't work in our case because it's not about not showing the dialog, it's about auto running scripts. Something like "Save this preference for future scripts" could do.

  • Permanently allow execution of scripts

That might be nice. What do you think?

Yeah something along those lines. What do you think @William Reynish (billreynish) ?

I can add the checkbox. The only concern is that people will just click it and then stop worrying about opening unsafe .blend files, but I guess they will have at least gotten one warning to be aware of the risk.

Brecht Van Lommel (brecht) closed this task as Resolved.Nov 2 2018, 5:35 PM

Will consider this resolved unless more issues come up.

I can add the checkbox. The only concern is that people will just click it and then stop worrying about opening unsafe .blend files, but I guess they will have at least gotten one warning to be aware of the risk.

I think we can live with that, as it's a better solution than a verbose message. Also, people nowdays do it all the time when allowing permissions on apps, grant login credentials, etc.

I don't think the dialog is annoying, it's a great improvement. Personally, I think I'll finally have the auto-run scripts off and start choosing case by case. So that's a win!

Yes this is a definite improvement. But there seems to be no great solution to this that is both secure and flexible.

The best solution by far would be to make it so our rigging systems don’t use Python for expressions, so that there are no security issues, and no need for this popup message for most rigs.

Yes this is a definite improvement. But there seems to be no great solution to this that is both secure and flexible.
The best solution by far would be to make it so our rigging systems don’t use Python for expressions, so that there are no security issues, and no need for this popup message for most rigs.

Disabling Python entirely means we loose functionality for advanced riggers,
however for nearly all cases math expressions don't use Python in 2.8x (so the common cases AFAICS wont need Python).

The more common issue now might be rigs that define their own user-interfaces in Python.