Improvements to Python script autoexecution #57197
Labels
No Label
Interest
Alembic
Interest
Animation & Rigging
Interest
Asset Browser
Interest
Asset Browser Project Overview
Interest
Audio
Interest
Automated Testing
Interest
Blender Asset Bundle
Interest
BlendFile
Interest
Collada
Interest
Compatibility
Interest
Compositing
Interest
Core
Interest
Cycles
Interest
Dependency Graph
Interest
Development Management
Interest
EEVEE
Interest
EEVEE & Viewport
Interest
Freestyle
Interest
Geometry Nodes
Interest
Grease Pencil
Interest
ID Management
Interest
Images & Movies
Interest
Import Export
Interest
Line Art
Interest
Masking
Interest
Metal
Interest
Modeling
Interest
Modifiers
Interest
Motion Tracking
Interest
Nodes & Physics
Interest
OpenGL
Interest
Overlay
Interest
Overrides
Interest
Performance
Interest
Physics
Interest
Pipeline, Assets & IO
Interest
Platforms, Builds & Tests
Interest
Python API
Interest
Render & Cycles
Interest
Render Pipeline
Interest
Sculpt, Paint & Texture
Interest
Text Editor
Interest
Translations
Interest
Triaging
Interest
Undo
Interest
USD
Interest
User Interface
Interest
UV Editing
Interest
VFX & Video
Interest
Video Sequencer
Interest
Virtual Reality
Interest
Vulkan
Interest
Wayland
Interest
Workbench
Interest: X11
Legacy
Blender 2.8 Project
Legacy
Milestone 1: Basic, Local Asset Browser
Legacy
OpenGL Error
Meta
Good First Issue
Meta
Papercut
Meta
Retrospective
Meta
Security
Module
Animation & Rigging
Module
Core
Module
Development Management
Module
EEVEE & Viewport
Module
Grease Pencil
Module
Modeling
Module
Nodes & Physics
Module
Pipeline, Assets & IO
Module
Platforms, Builds & Tests
Module
Python API
Module
Render & Cycles
Module
Sculpt, Paint & Texture
Module
Triaging
Module
User Interface
Module
VFX & Video
Platform
FreeBSD
Platform
Linux
Platform
macOS
Platform
Windows
Priority
High
Priority
Low
Priority
Normal
Priority
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Info from Developers
Status
Needs Information from User
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Patch
Type
Report
Type
To Do
No Milestone
No project
No Assignees
9 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: blender/blender#57197
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
As discussed in person several weeks ago, I would like to propose a change to the behavior of Blender when opening a file containing Python scripts (when auto execution is disabled).
Currently:
Proposed change:
Over the years the lack of a visible warning about having auto-run disabled has caused an unquantifiable amount of frustration to artists and TDs alike. I hope the issue can be addressed before the beta release.
Added subscribers: @fsiddi, @pablovazquez
Added subscriber: @WilliamReynish
Added subscriber: @StephenSwaney
Yes, this would be a nice improvement.
In many productions I've seen the auto-run script issue be a pain.
The best solution would be to try and circumvent this entire issue so that we wouldn't even need this. The first step , which is already done, is avoiding Python for expressions, but there seems to be other issues too.
Added subscriber: @brecht
This has been an open issue since auto-run prevention was introduced (thinking about the implications at the time would have been ideal). I think that a blocking warning is the best solution. This is a losing-work situation, like quitting Blender with an unsaved file.
I would really appreciate a confirmation from @ideasman42 or @brecht that this will be introduced before the beta.
Added subscriber: @Scaredyfish
In addition to this, some other software has the concept of trusted locations - if I open a file saved in my own trusted folder, it would auto-run scripts without prompting, otherwise it would prompt.
@Scaredyfish Blender has this too. https://docs.blender.org/manual/en/dev/advanced/scripting/security.html#setting-defaults
Did not know that!
I do think it's kind of backwards, though - I'd rather have a list of trusted paths, than a list of excluded paths.
Added subscriber: @ideasman42
We can do it for the beta, I'll try to do it myself or assign it to someone else.
This issue was referenced by
c2bcde5c28This is what it looks like now:
The popup is not strictly blocking at the moment, you can click outside of it to dismiss it, as this is not supported by the Blender UI code at the moment. I'm not sure if that's an issue in practice, it does appear in the center of the window where the file was opened.
Looks quite good to me.
Fantastic. Thank you!
Looks good! But it can get annoying rapidly and there is no help about how to prevent this.
I would add a button like "Allow Permanently", or a checkbox "Allow future scripts to execute automatically", "Allow this and future scripts to run automatically", or similar text.
If it's annoying, then it's secure, right? :)
On a more serious note, you don't want to accidentally allow execution of any future script by clicking on the wrong button. In one mockup I though of adding a text that hints where to change the setting, but that would make the message too verbose.
Having a (?) element in the interface would allow for more verbose hints, but that's for a separate topic.
If it's annoying and there is no solution then it's a poor user experience where you have to google for a solution online. The UI should hint how to solve it or allow to prevent this in the future.
A verbose message doesn't work, people don't like to read.
A checkbox on the other hand (off by default), that allows to save the user preference should be added. This kind of widgets are pretty common, usually a checkbox with the label "Don't show this dialog anymore" or similar, which wouldn't work in our case because it's not about not showing the dialog, it's about auto running scripts. Something like "Save this preference for future scripts" could do.
That might be nice. What do you think?
This issue was referenced by
aa41c17d32Yeah something along those lines. What do you think @WilliamReynish ?
I can add the checkbox. The only concern is that people will just click it and then stop worrying about opening unsafe .blend files, but I guess they will have at least gotten one warning to be aware of the risk.
Changed status from 'Open' to: 'Resolved'
Will consider this resolved unless more issues come up.
I think we can live with that, as it's a better solution than a verbose message. Also, people nowdays do it all the time when allowing permissions on apps, grant login credentials, etc.
Added subscriber: @brita
I don't think the dialog is annoying, it's a great improvement. Personally, I think I'll finally have the auto-run scripts off and start choosing case by case. So that's a win!
Yes this is a definite improvement. But there seems to be no great solution to this that is both secure and flexible.
The best solution by far would be to make it so our rigging systems don’t use Python for expressions, so that there are no security issues, and no need for this popup message for most rigs.
Disabling Python entirely means we loose functionality for advanced riggers,
however for nearly all cases math expressions don't use Python in 2.8x (so the common cases AFAICS wont need Python).
The more common issue now might be rigs that define their own user-interfaces in Python.