Sandboxing Plugin Execution
Run plugins in restricted environments using setfenv/load with custom _ENV.
Why Sandbox Plugins?
Untrusted plugin code can call dangerous functions (os.execute, io.open, load) or access private application state. A sandbox restricts what code can do.
Custom _ENV in Lua 5.2+
In Lua 5.2+, each chunk's global environment is _ENV. Load a chunk with a restricted _ENV to limit its access.
local function sandbox(code, env)
local chunk, err = load(code, "sandbox", "t", env)
if not chunk then return nil, err end
return pcall(chunk)
endAll lessons in this course
- Plugin Discovery and Loading
- Plugin API and Hook System
- Sandboxing Plugin Execution
- Versioning and Dependency Management