Trusted Source files

I understand the need to protect computers against malicious python scripts autorunning in files downloaded from various sources. However, frequently downloaded blend files rely on python scripts to run properly.

I would like to be able to download blend files, keep my computer safe, yet get the python functions needed to run some of those files.

First question: are all the embedded python files available to be reviewed in the text editor? In other words, can I take a look at what the blend file was going to do automatically if I load the file with the trusted source turned off?

Second question: if I can see those files, what sort of thing should I look for to see whether those python scripts are legitimate or malicious?

Yeah but it kills all scripts in file I think. It kills driver scripts I know. You wouldn’t find those in text editor. I guess it’s also possible for script to generate more script. I think Rigify does that when generating a rig.

No idea about 2nd question I can barely read python. Seems like it would be a pain to investigate a .blend like that even if I could. If I didn’t trust the file I probably wouldn’t bother, or cross my fingers load it up anyway and see what happens.


Edit: Many coders here. I’m in the weeds on this. So this was a bump for you more than anything. :slight_smile: