12.0.5 compat: secret-string guards + toc#9
Open
mcc1 wants to merge 2 commits into
Open
Conversation
In WoW 12.0+ (Midnight), CHAT_MSG_SYSTEM / CHAT_MSG_SKILL message arguments may be secret strings that cannot be indexed by addons. A direct call to message:match(...) on such a string raises "attempt to compare a secret value" / taints execution. Wrap the match calls in pcall so the addon degrades gracefully when the message is non-indexable, instead of erroring out. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
message:match(...)calls inOnChatMsgSkill/OnChatMsgSystemwithpcallso the addon doesn't error when 12.0+ ships a secret/non-indexable string in CHAT_MSG_SYSTEM / CHAT_MSG_SKILL.Why
Midnight (12.0) introduced "secret values" that taint execution if you try to index them directly. CHAT_MSG_SYSTEM args can now arrive as such a string, in which case
message:match(...)taints the addon. Wrapping inpcall(string.match, ...)makes the failure recoverable and silent.Test plan
OnChatMsgSkillno longer errors.OnChatMsgSystemhandles the unlearn message without taint.🤖 Generated with Claude Code