External After Effects template security concerns

Report · May 15, 2024

Hi,

I'd like to know if opening an external After-Effects from any source is totally safe, even with "Allow Scripts to Write Files and Access Network" toggled on ?

My question may seem to be stupid, is probably stupid, and I'm sorry in advance. I'm sure 90% that the answer is "it is safe", but I'd like to get precise facts to be 100% sure.

From the scripts, it is possible to make network requests via the "Socket" class, if "Allow Scripts to Write Files and Access Network", plus it is possible to create/remove files & folders.

Is a single After Effects project able to make use of the Socket class or more generally, making network requests and filesystem operations ?

Is a single After Effects project able to ask for a script to run, or installing by itself a script ?

Sorry for such a question,

Best regards.

Report · May 15, 2024

As far as I know, After Effects projects cannot trigger the execution of scripts. Of course they can evaluate expressions and I am not sure if this can be abused somehow. According to the second answer here, expressions can read files on your harddrive, so they could potentially access sensitive data. But I don't know of any way to execute files or access the network to actually leak the data after reading it.

Mathias Möhl - Developer of tools like BeatEdit and Automation Blocks for Premiere Pro and After Effects