External After Effects template security concerns

Question

Hi,

I'd like to know if opening an external After-Effects from any source is totally safe, even with "Allow Scripts to Write Files and Access Network" toggled on ?

My question may seem to be stupid, is probably stupid, and I'm sorry in advance. I'm sure 90% that the answer is "it is safe", but I'd like to get precise facts to be 100% sure.

From the scripts, it is possible to make network requests via the "Socket" class, if "Allow Scripts to Write Files and Access Network", plus it is possible to create/remove files & folders.

Is a single After Effects project able to make use of the Socket class or more generally, making network requests and filesystem operations ?

Is a single After Effects project able to ask for a script to run, or installing by itself a script ?

Sorry for such a question,

Best regards.

Mathias Moehl · Answer

As far as I know,  After Effects projects cannot trigger the execution of scripts. Of course they can evaluate expressions and I am not sure if this can be abused somehow. According to the second answer here, expressions can read files on your harddrive, so they could potentially access sensitive data. But I don't know of any way to execute files or access the network to actually leak the data after reading it.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded