Quantcast Taint problem with SpellBookFrame - WoWInterface
Thread Tools Display Modes
06-14-18, 06:57 AM   #1
Voxem
A Defias Bandit
Join Date: Jun 2018
Posts: 3
Taint problem with SpellBookFrame

Hi, I'm trying to write a small addon to enable the mouse wheel on the pet spellbook. The code works fine to navigate the pages, but I have a problem with taint. As soon as I use the mouse wheel on the pet spellbook, any action on the spell buttons in the pet or the normal spellbook is blocked, apart from dragging them to the action bar.
Lua Code:
  1. SpellBookFrame:HookScript("OnMouseWheel", function(self, value)
  2.     if self.bookType ~= BOOKTYPE_PET then return end
  3.  
  4.     local currentPage, maxPages = SpellBook_GetCurrentPage()
  5.  
  6.     if value > 0 then
  7.       if currentPage > 1 then
  8.         SpellBookPrevPageButton_OnClick()
  9.       end
  10.     elseif currentPage < maxPages then
  11.       SpellBookNextPageButton_OnClick()
  12.     end
  13.   end)

Here is the taint log I get when I right-click on a button to toggle autocast (no other addon loaded):

6/14 14:29:37.701 Global variable ON_BAR_HIGHLIGHT_MARKS tainted by MyAddon - Interface\FrameXML\ActionButton.lua:55 ClearOnBarHighlightMarks()
6/14 14:29:37.701 Interface\FrameXML\SpellBookFrame.lua:489 SpellButton_OnEnter()
6/14 14:29:37.701 SpellButton1:OnEnter()
6/14 14:29:37.701 Execution tainted by MyAddon while reading ON_BAR_HIGHLIGHT_MARKS - Interface\FrameXML\ActionButton.lua:59 GetOnBarHighlightMark()
6/14 14:29:37.701 Interface\FrameXML\ActionButton.lua:462 ActionButton_UpdateSpellHighlightMark()
6/14 14:29:37.701 Interface\FrameXML\ActionButton.lua:371 ActionButton_Update()
6/14 14:29:37.701 Interface\FrameXML\ActionButton.lua:334 ActionButton_UpdateAction()
6/14 14:29:37.701 Interface\FrameXML\ActionBarController.lua:151 ActionBarController_ResetToDefault()
6/14 14:29:37.701 Interface\FrameXML\ActionBarController.lua:140 ActionBarController_UpdateAll()
6/14 14:29:37.701 Interface\FrameXML\SpellBookFrame.lua:507 SpellButton_OnEnter()
6/14 14:29:37.701 SpellButton1:OnEnter()
6/14 14:29:37.701 Interface\FrameXML\SpellBookFrame.lua:1020 SpellBook_GetSpellBookSlot()
6/14 14:29:37.701 An action was blocked because of taint from MyAddon - ToggleSpellAutocast()
6/14 14:29:37.701 Interface\FrameXML\SpellBookFrame.lua:552 SpellButton_OnClick()
6/14 14:29:37.701 SpellButton1:OnClick()
  Reply With Quote
06-14-18, 01:22 PM   #2
myrroddin
A Molten Giant
 
myrroddin's Avatar
AddOn Author - Click to view addons
Join Date: Oct 2008
Posts: 882
Try a secure hook instead, which is always the best course of action when tampering with a Blizzard frame. And not seeing your entire code, do you have an EnableMouse() call somewhere? Do you need one?
  Reply With Quote
06-14-18, 04:18 PM   #3
Ammako
A Cobalt Mageweaver
 
Ammako's Avatar
AddOn Author - Click to view addons
Join Date: Jun 2016
Posts: 208
Originally Posted by myrroddin View Post
Try a secure hook instead, which is always the best course of action when tampering with a Blizzard frame. And not seeing your entire code, do you have an EnableMouse() call somewhere? Do you need one?
Doesn't need one, SpellBookFrame is already mouse-enabled.

That being said, I can't even get this to work.

lua Code:
  1. hooksecurefunc("SpellBookFrame_OnMouseWheel", function(self, value, scrollBar)
  2.     print("test")
  3. end)

https://www.townlong-yak.com/framexm...kFrame.lua#960

I don't think I'm using it wrong, either. A non-secure hook works fine in that same scenario, but of course SpellBookPrevPageButton_OnClick() and SpellBookNextPageButton_OnClick() taint it if called from non-secure addon code.

Maybe they just don't want us being able to securely hook that.
__________________
█████████████
█████████████
█████████████
█████████████
  Reply With Quote
06-14-18, 05:12 PM   #4
Fizzlemizz
I did that?
 
Fizzlemizz's Avatar
Premium Member
AddOn Author - Click to view addons
Join Date: Dec 2011
Posts: 883
hooksecurefunc replaces the function so OnMouswheel is now calling the old function.

You could try:
Code:
hooksecurefunc("SpellBook_GetCurrentPage",  function(self, value, scrollBar) 
      print("test") 
end)
Although that will call your function for the next/prev. page clicks as well as SpellBookFrame_UpdatePages().

Edit: That won't work because the function doesn't get called in the pet spellbook.

Last bullet point
If you want to securely hook a frame's script handler, use Frame:HookScript:
Which brings us back to the OP.
__________________
Fizzlemizz
Maintainer of Discord Unit Frames and Discord Art.
Author of FauxMazzle and Move Pad Plus.

Last edited by Fizzlemizz : 06-14-18 at 06:00 PM.
  Reply With Quote
06-15-18, 02:02 AM   #5
Voxem
A Defias Bandit
Join Date: Jun 2018
Posts: 3
Originally Posted by myrroddin View Post
And not seeing your entire code
That's the entire code right here. It's basically the same function as SpellBookFrame_OnMouseWheel, but applied to the pet spellbook.

Originally Posted by myrroddin View Post
hooksecurefunc replaces the function so OnMouswheel is now calling the old function.
Yeah that's the problem. I've also tried to hook both the script handler and the function, without success.
I don't really understand why it's tainting, seeing that I'm - correct me if I'm wrong - hooking securely. Am I missing something?
  Reply With Quote
06-15-18, 02:29 AM   #6
lightspark
A Frostmaul Preserver
 
lightspark's Avatar
AddOn Author - Click to view addons
Join Date: Sep 2012
Posts: 287
Originally Posted by Voxem View Post
That's the entire code right here. It's basically the same function as SpellBookFrame_OnMouseWheel, but applied to the pet spellbook.


Yeah that's the problem. I've also tried to hook both the script handler and the function, without success.
I don't really understand why it's tainting, seeing that I'm - correct me if I'm wrong - hooking securely. Am I missing something?
You use SpellBookPrevPageButton_OnClick, SpellBookNextPageButton_OnClick, which taint a lot of stuff because they're called from insecure environment.

Try commenting out both calls, and see if the taint persists You'll be surprised how easy it's to taint stuff >_>

For instance, here's my taint w/ your code

Code:
1x [ADDON_ACTION_BLOCKED] AddOn 'ls_UI' tried to call the protected function 'PetActionButton1:Show()'.
!BugGrabber\BugGrabber.lua:573: in function <!BugGrabber\BugGrabber.lua:573>
[C]: in function `Show'
FrameXML\PetActionBarFrame.lua:198: in function `PetActionBar_Update'
FrameXML\SpellBookFrame.lua:499: in function `SpellButton_OnEnter'
[string "*:OnEnter"]:1: in function <[string "*:OnEnter"]:1>
__________________

Last edited by lightspark : 06-15-18 at 02:46 AM.
  Reply With Quote
06-15-18, 04:45 AM   #7
Voxem
A Defias Bandit
Join Date: Jun 2018
Posts: 3
Originally Posted by lightspark View Post
You use SpellBookPrevPageButton_OnClick, SpellBookNextPageButton_OnClick, which taint a lot of stuff because they're called from insecure environment.

Try commenting out both calls, and see if the taint persists You'll be surprised how easy it's to taint stuff >_>
Yeah I reckoned these were responsible for the taint. I just thought that, being called like that, they shouldn't cause that much of a problem. Seems that I was wrong.

Oh well. I guess I'll abandon this idea and hope someone at Blizzard takes 2 minutes to change the function to work with the pet spellbook…

Thanks for your answers!
  Reply With Quote
06-19-18, 03:57 AM   #8
Cogwerkz
A Murloc Raider
 
Cogwerkz's Avatar
AddOn Author - Click to view addons
Join Date: Jul 2017
Posts: 7
The reason it causes taint is that the spellbook contains secure actionbuttons. You can mouse-click spells in the spellbook directly in combat. It's basically just like an actionbar.

How secure frames work, is that its parent and any frames above it in the parent/child hierarchy also becomes secure, meaning the whole spellbook is in fact a secure frame. Changing pages by clicking the prev/next buttons initiates actions that eventually hide and show the secure spellbuttons, and that is something normal Lua can not do while engaged in combat.

Think of it this way; if it contains clickable actionbuttons or clickable unitframes, normal Lua can't show, hide, move, resize or enable/disable mouse, change hit rectangles or do anything that would affect how the user interacts with it while engaged in combat. This is to avoid addons automating or exploiting the gameplay.

Not that physically using the mouse wheel to flip through the spellbook could really be exploited in any shape or form, but that's just how the system works! Go Blizz!
  Reply With Quote

WoWInterface » Developer Discussions » Lua/XML Help » Taint problem with SpellBookFrame

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off