I want to design a project with modding in mind, allowing players to download packs wiþ resources and scripts þat act as unique, safe ways for modders to access engine features, wiþout giving access to þings like þe user’s OS and filesystem outside þe designated user:// and res:// folders.
Is it possible to do þis, restricting a script to be unable to run unsecure code?
# GDScript safe mode
I wrote about this a while ago here: https://discord.com/channels/212250894228652034/1075161827857662102
The TL;DR is: you shouldn't embarrass yourself with that.
- no one else does it (it'd be good if you do, but if you don't, you're just doing the standard)
- no one else manages to do it properly (it's impossible to meaningfully sandbox code, kinda)
- empirically, social cues and social moderation are far more effective than any tech solution (people vetting on things works for torrents better than sandboxing works on the Apple store)
- assuming you still want to do it despite 1 & 3, and find a good way to do it despite 2, it won't be an issue until you have literally hundreds of thousands of users (these things don't happen unless there's a critical mass), at which point you will have the money to hire an entire team to do things properly.
With that in mind, if you still wanted to do that, for GDScript specifically, you could avoid access to the filesystem by disallowing any calls to filesystem functions (a simple regex should be sufficient). Provide your own proxy functions to access the directories you allow. This would be difficult enough to work around for script kiddies and would ensure an API was already in use if you decide to really work on something like that later.
You should also disable any calls to the modules that connect to the internet (http, etc.), that load other GDScript or libraries, and execution.
Again, I don't find any of this necessary or useful, and I do not advise you to do this, but if you wanted, that'd be a good way to do it without too much work
If you want to do it actually properly, you should write a language specifically targeted towards that, with a runtime that has permissions built-in. There are no such mainstream languages as far as I know, only a few academic ones. Some novel languages implement this to some minimal degree (e.g. Deno), but kinda only pay lip service to the concept AFAIK.
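As an added example of the regex-style vetting the reply above describes (not code from the thread or from Godot), here is a small Python pre-load checker a mod loader could run over a pack's `.gd` files before accepting them. The deny list of Godot 4 names, the `user://mods/` and `res://mods/` layout, and the `ModFS` proxy API in the sample are assumptions; as the reply says, this is a speed bump against casual misuse, not a real sandbox.

```python
import re

# Deny-listed GDScript identifiers (Godot 4 class/function names). Assumption:
# this list is illustrative, not exhaustive; the thread above says a regex is
# only a speed bump against casual misuse, not a real sandbox.
DENIED = {
    "FileAccess", "DirAccess", "OS", "HTTPRequest", "HTTPClient",
    "StreamPeerTCP", "PacketPeerUDP", "load", "preload", "ResourceLoader",
    "GDScript", "Expression",
}
# Every quoted path in a mod must stay under these prefixes (assumed layout).
ALLOWED_PREFIXES = ("user://mods/", "res://mods/")

# An identifier immediately followed by "." or "(", i.e. used as a call/member.
IDENT_RE = re.compile(r"\b([A-Za-z_]\w*)\s*(?=[.(])")
# Quoted Godot virtual paths, POSIX absolute paths and Windows drive paths.
PATH_RE = re.compile(r'"((?:user|res)://[^"]*|/[^"]*|[A-Za-z]:\\[^"]*)"')


def vet_script(source: str) -> list[str]:
    """Return one finding per denied identifier or out-of-bounds path.
    Comments are deliberately NOT stripped: a naive strip on '#' could be
    fooled by a '#' inside a string, so false positives are preferred."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for name in IDENT_RE.findall(line):
            if name in DENIED:
                findings.append(f"line {lineno}: denied identifier '{name}'")
        for path in PATH_RE.findall(line):
            if ".." in path or not path.startswith(ALLOWED_PREFIXES):
                findings.append(f"line {lineno}: path outside mod folders '{path}'")
    return findings


def is_safe(source: str) -> bool:
    return not vet_script(source)


# Constructed sample mod script: one legitimate proxy call, then three
# attempts the loader should reject. ModFS is a hypothetical proxy API.
SAMPLE_MOD = (
    "extends Node\n"
    "func _ready():\n"
    '    var cfg = ModFS.read_text("user://mods/mymod/config.cfg")\n'
    '    var raw = FileAccess.open("user://../secrets.cfg", FileAccess.READ)\n'
    '    OS.execute("cmd", [])\n'
    '    load("res://mods/other.gd")\n'
)

if __name__ == "__main__":
    for finding in vet_script(SAMPLE_MOD):
        print(finding)
```

Running it on the sample reports the two `FileAccess` uses and the `..` traversal on line 4, `OS` on line 5 and `load` on line 6, while the proxied call on line 3 passes.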
I just want to say ðat you are unfaðomably based for using þ instead of th