When it comes to the chat system, there are many attack vectors they can eventually move to with ease. One thing that can be done is to completely nullify the RunScript() and DevTools_DumpCommand() functions while a chat event is being handled.
Lua Code:
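-- Globals to disable while a chat event is being handled
local FuncList={
    "RunScript";
    "DevTools_DumpCommand";
};

-- Original functions, keyed by name (an entry stays nil until the function exists)
local FuncCache={};
for k,v in ipairs(FuncList) do FuncCache[v]=_G[v]; end

local function DummyFunc() end
local OldHandler=ChatFrame_OnEvent;
local InChatEvent=false;

-- Pick up listed functions that only appear once a later addon has loaded
local EventFrame=CreateFrame("Frame");
EventFrame:RegisterEvent("ADDON_LOADED");
EventFrame:SetScript("OnEvent",function()
    for k,v in ipairs(FuncList) do
        -- Cache only functions that now exist, so the dummy is never cached as an "original"
        if not FuncCache[v] and _G[v] then
            FuncCache[v]=_G[v];
            if InChatEvent then _G[v]=DummyFunc; end
        end
    end
end);

-- Replacement chat handler: swap in the dummy, run the original handler, then restore
function ChatFrame_OnEvent(...)
    for k,v in pairs(FuncCache) do _G[k]=DummyFunc; end
    InChatEvent=true;
    OldHandler(...);
    InChatEvent=false;
    for k,v in pairs(FuncCache) do _G[k]=v; end
end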
To protect more functions, add them to the FuncList table.
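The same guard pattern as an added example, not part of the original post: it runs in a plain Lua interpreter outside the game client and also restores the originals when the wrapped handler raises an error. `Guarded`, `GuardList`, `ChatHandler`, `FaultyHandler` and the `RunScript` stub are constructed stand-ins, not the game's API.

```lua
-- Constructed stand-in for the real global; it only records what it was asked to run.
local calls = {}
function RunScript(text) calls[#calls + 1] = text end

local GuardList = { "RunScript", "DevTools_DumpCommand" }
local function Noop() end

-- Wrap `handler` so every listed global that exists is a no-op while it runs.
-- The snapshot is taken per call, so functions defined between events are covered;
-- functions first defined while the handler is running are not.
local function Guarded(handler)
  return function(...)
    local saved = {}
    for _, name in ipairs(GuardList) do
      if type(_G[name]) == "function" then
        saved[name] = _G[name]
        _G[name] = Noop
      end
    end
    -- Restore first, then either re-raise the error or pass the results through.
    local function finish(ok, ...)
      for name, fn in pairs(saved) do _G[name] = fn end
      if not ok then error((...), 0) end
      return ...
    end
    return finish(pcall(handler, ...))
  end
end

-- Constructed handlers simulating chat processing that reaches RunScript.
local function ChatHandler(msg)
  RunScript(msg)
  return "handled"
end
local function FaultyHandler(msg)
  RunScript(msg)
  error("handler failed")
end

assert(Guarded(ChatHandler)("chat text") == "handled")
assert(#calls == 0)                              -- nullified during the handler
assert(not pcall(Guarded(FaultyHandler), "chat text"))
assert(#calls == 0)                              -- still nullified on the error path
RunScript("direct call")                         -- original is back afterwards
assert(#calls == 1 and calls[1] == "direct call")
print("guard ok")
```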