Describe the project you are working on
I am working on a UI system to render other users' content. Think of this project like a web browser. In the basic sense it takes other people's node setup and duplicates it on a remote machine to display.
Describe the problem or limitation you are having in your project
I have no real way to sandbox code from accessing the end user's computer using the GDScript API.
Describe the feature / enhancement and how it helps to overcome the problem or limitation
I propose a node be created that acts as a pseudo root node and doesn't allow any API to be called that isn't defined within that node, as well as act like the ultimate root to any children nodes (like if calling getnode.getroot or trying to '../../../../' all the way up the tree). Alternatively, instead of that, make like an intercept thing that will trigger on any code run on children that can be used to pass custom results (so like if I called the OS API, if it isn't in the intercept node script (class OS { func apiCall}) it wouldn't be allowed to execute).
Describe how your proposal will work, with code, pseudo-code, mock-ups, and/or diagrams
What I'm envisioning is that the sandbox or pseudo root node could have switches to allow APIs to be restricted (e.g. calling them would error out) and/or only allow a specific API to be defined in a script attached to the node (like creating a function somefunc that can be called node.somefunc), and the children are only allowed to use those specific functions in a global space (like as if it had a unique identifier, but it can be to any scene that is also instantiated in it and not just the directly attached nodes).
If this enhancement will not be used often, can it be worked around with a few lines of script?
atm I really don't know how I could make a restriction like this with GDScript, as every engine API is available in every script. The only other way I could do this is create my own custom language for the application or embed a JavaScript/Lua/whatever engine using C#/C++ and make a custom API from there.
Is there a reason why this should be core and not an add-on in the asset library?
This would be super beneficial to people that want to make modding a core part of their game while keeping GDScript as the language to be used, without relying on embedding another language in the engine. This way specific APIs can be defined that can be interacted with in the game, as well as disallow people from creating malicious code that will interact with the end user's computer in a way outside of what the game intends.
Sorry if this is hard to read, idk how to describe it well, but in short it's a sandbox that only allows whatever specific class API in it to be called from children and whatever is in that node's 'allowed APIs' properties.
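The two behaviours the proposal asks for (a pseudo-root that path lookups cannot climb past, and default-deny dispatch to an exposed API), sketched as a language-neutral model in Python. This is an added example, not part of the thread and not Godot code; `Node`, `SandboxRoot`, `resolve`, `call_api` and the sample tree are hypothetical names, and `somefunc` is borrowed from the proposal text.

```python
class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, {}
        if parent is not None:
            parent.children[name] = self


class SandboxRoot(Node):
    """Hypothetical pseudo-root: path lookups and API calls stop here."""

    def __init__(self, name, parent, exposed):
        super().__init__(name, parent)
        self.exposed = dict(exposed)  # the only API guest scripts may call

    def contains(self, node):
        while node is not None:
            if node is self:
                return True
            node = node.parent
        return False

    def resolve(self, start, path):
        """Resolve `path` from guest node `start`; None if it leaves the sandbox."""
        if not self.contains(start):
            return None
        # An absolute path is re-rooted at the sandbox, never at the real tree root.
        node = self if path.startswith("/") else start
        for part in filter(None, path.split("/")):
            if part == ".":
                continue
            if part == "..":
                if node is self:  # already at the pseudo-root: refuse to climb
                    return None
                node = node.parent
            else:
                node = node.children.get(part)
                if node is None:
                    return None
        return node

    def call_api(self, name, *args):
        """Default-deny dispatch: anything not exposed is refused."""
        if name not in self.exposed:
            raise PermissionError(f"API '{name}' is not exposed to sandboxed scripts")
        return self.exposed[name](*args)


# Constructed sample tree: root/host_secret and root/sandbox/ui/button
real_root = Node("root")
Node("host_secret", real_root)
sandbox = SandboxRoot("sandbox", real_root, {"somefunc": lambda x: x * 2})
button = Node("button", Node("ui", sandbox))
```

This only models the intended semantics. As the post notes, every engine API is available in every script, so the checks would have to be enforced by the engine rather than by code the guest script can bypass.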
There is no concept of a sandbox mode yet, and this idea of a sandbox node sounds like an extra feature to build on top of that. Until the sandbox mode is implemented and the general issues with it are resolved, this cannot be considered (and yes, as Zireael mentions, this lacks enough implementation detail to consider on its own).
See #5010 for a proposal about the sandbox mode.
Feel free to open a discussion to talk about your idea though.