How do I run a Vim command in sandbox mode to prevent side effects?

Question

Accepted Answer

`:sandbox {command}` Vim's sandbox mode restricts what a command can do, preventing it from executing shell commands, writing files, or modifying certain settings. This is essential for safely evaluating modelines, untrusted code, or testing commands without risk.

## How it works

- `:sandbox {command}` — runs the command with restrictions
- Blocked operations: shell commands (`:!`), file writes, `system()`, `setfenv()`
- Setting changes are restricted to safe options
- Errors are thrown for blocked operations rather than silently failing

## Example

```vim
:sandbox !echo dangerous
" Error: E48: Not allowed in sandbox

:sandbox set shell=/bin/evil
" Error: E48: Not allowed in sandbox

:sandbox echo 'safe'
" Works normally: safe
```

## Tips

- Modelines are automatically run in sandbox mode for safety
- Use `sandbox` when evaluating user-provided expressions or autocmds
- `'secure'` option enables sandbox for all file-local commands
- Vim plugins can check `has('sandbox')` to detect sandbox mode

Answer

Explanation

How it works

Example

Tips

Related Tricks

How do I use a Vimscript expression to compute the replacement text in a substitution?

How do I open a file and jump directly to a specific line or pattern?

How do I search for a pattern across all files in my project with Vim's built-in grep?

How do I open a related file with a different extension using the current filename?

How do I insert the full WORD under the cursor (including slashes and dots) into the command line?