qubiz
Back to all docs
scripts:run

Scripting and Sandbox

Request isolated script execution for creator-authored code without granting broad page privileges.

scriptingsandboxpermissionssecurity

Run scripts through the host

QubizSDK.scripting.run and QubizSDK.sandbox.run use the same host bridge. The game asks the host to execute a reviewed script by scriptId or source. The host decides whether sandbox execution is available for the project and returns granted, denied, prompt_required, or unavailable.

The SDK does not eval arbitrary strings in the game frame. That keeps runtime scripting behind declared permissions and future host-side sandbox controls.

Sandbox request
const permission = await QubizSDK.requestPermissions([
  "scripts:run",
  "sandbox:execute"
]);

if (permission.status === "granted") {
  const result = await QubizSDK.sandbox.run({
    scriptId: "enemy-wave-director",
    args: { wave: 4 },
    timeoutMs: 1000
  });
  console.log(result.status, result.output, result.logs);
}