Unsafe Scripts is Filter Forge's term for scripts that have unrestricted access to all Lua functions. Normally, Filter Forge scripts are sandboxed, that is, they are executed in a restricted environment that doesn't allow them to call potentially dangerous Lua functions such as access to files or OS shell commands. However, turning the Unsafe Script option on for a script component bypasses this restriction – such scripts can read, write, rename and delete files, execute OS shell commands, access process environment variables, query system date and time, and more. For more information on availability of standard Lua functions to scripts, see Scripting API.
They may be potentially dangerous since they have access to Lua functions allowing them to read, write, rename and delete files and execute OS shell commands, but they are not inherently harmful. Anyway, you should be very careful when using filters with unsafe scripts from sources you don't trust.
Filter Forge blocks execution of unsafe scripts by default. This can be changed on the Scripts tab of the Options dialog. For maximum protection, make sure that the Enable execution of unsafe scripts checkbox is turned off. This setting acts as a global safety override – no filter can execute unsafe scripts unless it's enabled.
Additionally, the Scripts tab of the Options dialog offers an option allowing you to configure Filter Forge not to open filters containing unsafe scripts at all – by default, Filter Forge will ask your confirmation when opening filters containing unsafe scripts.
No. Filters containing script components with the Unsafe Script option turned on in their Script Settings dialog are not accepted to the Filter Library. We employ multiple protection measures, both client-side and server-side, that prevent authors from 'sneaking' filters with unsafe scripts into the Library, e.g. by manually editing the XML source of the filter.
Yes, you can open and edit filters containing unsafe scripts without executing them. This may be useful for inspecting potentially useful unsafe scripts from unknown authors. In order to do that, you should:
Now you can open filters and edit them in the Filter Editor. To examine the scripts, select the script component you want to inspect and click its Script tab. The script text will be visible and editable, but Filter Forge renderer won't be able to execute it.
