TaintLess: Encounter Journal loading taint via dropdowns
On Modern WoW, loading Blizzard_EncounterJournal addon while the UIDROPDOWNMENU_MENU_VALUE global variable is tainted leads to an error during a subsequent C_EncounterJournal.SetTab call.
Affected versions: Modern until 11.0 (mitigated by migrating FrameXML to another menu implementation).
To reproduce
- Simulate opening an insecure context dropdown menu by running the following macro command:
Patch 10.2.5
/run ToggleDropDownMenu(1, nil, CreateFrame("Frame"))
- Open the Encounter Journal by using its micro button key binding (SHIFT-J by default). The following interaction occurs, resulting in an addon action blocked dialog appearing:
Execution tainted by *** ForceTaint_Strong *** while reading UIDROPDOWNMENU_MENU_VALUE - Interface/AddOns/Blizzard_EncounterJournal/Blizzard_EncounterJournal.lua:2675 initFunction() Interface/SharedXML/UIDropDownMenu.lua:80 UIDropDownMenu_Initialize() Interface/AddOns/Blizzard_EncounterJournal/Blizzard_EncounterJournal.lua:375 LoadAddOn() Interface/FrameXML/UIParent.lua:576 UIParentLoadAddOn() Interface/FrameXML/UIParent.lua:746 EncounterJournal_LoadUI() Interface/FrameXML/UIParent.lua:1174 ToggleEncounterJournal() TOGGLEENCOUNTERJOURNAL:1 Global variable UIDROPDOWNMENU_MENU_LEVEL tainted by *** ForceTaint_Strong *** - Interface/SharedXML/UIDropDownMenu.lua:39 securecall() Interface/SharedXML/UIDropDownMenu.lua:75 UIDropDownMenu_Initialize() Interface/AddOns/Blizzard_EncounterJournal/Blizzard_EncounterJournal.lua:376 LoadAddOn() Interface/FrameXML/UIParent.lua:576 UIParentLoadAddOn() Interface/FrameXML/UIParent.lua:746 EncounterJournal_LoadUI() Interface/FrameXML/UIParent.lua:1174 ToggleEncounterJournal() TOGGLEENCOUNTERJOURNAL:1 Execution tainted by *** ForceTaint_Strong *** while reading UIDROPDOWNMENU_MENU_LEVEL - Interface/SharedXML/UIDropDownMenu.lua:49 securecall() Interface/SharedXML/UIDropDownMenu.lua:75 UIDropDownMenu_Initialize() Interface/FrameXML/NavigationBar.lua:16 NavBar_Initialize() Interface/AddOns/Blizzard_EncounterJournal/Blizzard_EncounterJournal.lua:457 LoadAddOn() Interface/FrameXML/UIParent.lua:576 UIParentLoadAddOn() Interface/FrameXML/UIParent.lua:746 EncounterJournal_LoadUI() Interface/FrameXML/UIParent.lua:1174 ToggleEncounterJournal() TOGGLEENCOUNTERJOURNAL:1 Interface/AddOns/Blizzard_EncounterJournal/Blizzard_EncounterJournal.lua:2675 initFunction() An action was blocked because of taint from *** ForceTaint_Strong *** - SetTab() Interface/AddOns/Blizzard_EncounterJournal/Blizzard_EncounterJournal.lua:2455 EJ_ContentTab_OnClick() Interface/AddOns/Blizzard_EncounterJournal/Blizzard_EncounterJournal.lua:462 LoadAddOn() Interface/FrameXML/UIParent.lua:576 UIParentLoadAddOn() Interface/FrameXML/UIParent.lua:746 EncounterJournal_LoadUI() Interface/FrameXML/UIParent.lua:1174 ToggleEncounterJournal() TOGGLEENCOUNTERJOURNAL:1
AddOn workaround
A workaround for this issue is included in TaintLess.