Page 2 of 2 FirstFirst
  1. #21
    I went through a whole lot of ideas when I was working on how to prevent this in TMW, but in the end, there is no way to make scripts completely safe. You can isolate them into their own environment and allow them access to only a whitelisted set of functions and variables - that would mean no library access, no interaction with other addons, and it would mean I would have to significantly rewrite huge parts of TMW in order to keep any custom scripts away from parts of the addon that could allow them to break out of that environment (if anything could get access to an Ace3 module's embed list, for example, then its completely compromised).

    What I ended up doing was just to present users with a dialog any time they import anything that could be executed by TMW. The dialog includes the code itself, as well as a message that says something along the lines of "most of the time, scripts are fine, but there are mean people out there, so don't talk to strangers!". It makes naive attempts to alert the user to any malicious functions (like AcceptTrade, SendMail, etc.), but even the most trivial of obfuscation could get around them. Ultimately, its up to the user (in all cases - not just TMW) to evaluate whether they trust the code and the source of it.
    Author of TellMeWhen and many other useful and helpful addons such as SpeedyLoad.

  2. #22
    As Cybeloras describes it is possible to obfuscate the code to prevent any "keyword" matching.
    Therefore making the only sure-fire solution being an intervention from blizzard.
    They would have to adjust the functions themselves, either crippling their functionality or adding in confirmation prompts.
    Either of which are going to hurt legitimate addons and honest players.

    This isn't a "weakauras exploit", but simply using a very convenient route to do what can be done in traditional addon form.
    Quote Originally Posted by DeadmanWalking View Post
    Your forgot to include the part where we blame casuals for everything because blizzard is catering to casuals when casuals got jack squat for new content the entire expansion, like new dungeons and scenarios.
    Quote Originally Posted by Reinaerd View Post
    T'is good to see there are still people valiantly putting the "Ass" in assumption.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts