Object security traits are protections employed by user interface objects to restrict actions that can be taken by insecure code, such as addons.
Protected regions
Introduced in Patch 2.0.1, protected regions prevent insecure code from modifying the secure execution attributes, positioning information, sizing, and visibility of regions during combat.
- Common examples of protected regions are action bar buttons and unit frames.
- The ScriptRegion:IsProtected() method can be used to query if a region will be protected in combat.
- For additional information, refer to Secure Execution and Tainting.
Forbidden objects
Introduced in Patch 5.4.0, forbidden objects disallow insecure code from calling almost all methods on objects under all circumstances.
- Forbidden objects were first implemented to protect the In-Game Store.
- The FrameScriptObject:IsForbidden() method can be used to query if an object is forbidden.
- The only other methods accessible to insecure code on forbidden objects are Frame:GetAttribute() and Frame:SetAttribute().
- Forbidden objects are not returned by functions such as EnumerateFrames() and C_System.GetFrameStack().
Anchor restricted regions
Introduced in Patch 8.2.0, anchor restricted regions disallow the querying of positional information of regions from insecure code, and the creation of anchors that would result in a region being positioned relative to two distinct anchor families simultaneously.
- Common examples of anchor restricted regions are nameplates and chat bubbles.
- The ScriptRegion:IsAnchoringRestricted() method can be used to query if a region is anchor restricted.
- Methods that query positional information such as ScriptRegion:GetRect() and ScriptRegionResizing:GetPoint() cannot be called from insecure code.
- Methods that modify anchor points such as ScriptRegionResizing:SetPoint() will fail with a forbidden action error if the resultant set of anchors would bridge two separate anchor families.
- In most cases, this error is triggered by attempting to anchor a restricted region to both the screen and UIParent. It can often be avoided by first calling ScriptRegionResizing:ClearAllPoints().
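The following is an added example, not code from the original page or from Blizzard's UI: it shows how an addon can check the three traits described above in a safe order before repositioning a region. The `MyAddon_*` names and the `pending` queue are hypothetical; `InCombatLockdown()` and the `PLAYER_REGEN_ENABLED` event are assumed to be the combat signals the addon relies on.

```lua
-- Added example; MyAddon_* names are hypothetical, not part of the game API.
-- Returns a table describing which security traits apply to a UI object.
local function MyAddon_GetSecurityTraits(obj)
    -- IsForbidden() must be checked first: on a forbidden object insecure
    -- code can call almost nothing else, so later queries would error.
    if obj:IsForbidden() then
        return { forbidden = true }
    end
    local traits = { forbidden = false }
    -- Only ScriptRegion-derived objects carry the two methods below.
    if obj.IsProtected then
        traits.protected = obj:IsProtected() and true or false
    end
    if obj.IsAnchoringRestricted then
        traits.anchorRestricted = obj:IsAnchoringRestricted() and true or false
    end
    return traits
end

local pending = {} -- repositioning requests deferred until combat ends

local function MyAddon_SafeSetPoint(region, point, relativeTo, relativePoint, x, y)
    local traits = MyAddon_GetSecurityTraits(region)
    if traits.forbidden then
        return false, "forbidden"
    end
    if traits.protected and InCombatLockdown() then
        -- Protected regions cannot be moved from insecure code during combat.
        pending[region] = { point, relativeTo, relativePoint, x, y }
        return false, "deferred"
    end
    -- Clearing old anchors first avoids leaving an anchor restricted region
    -- tied to two anchor families (for example the screen and UIParent).
    region:ClearAllPoints()
    region:SetPoint(point, relativeTo, relativePoint, x, y)
    return true
end

local watcher = CreateFrame("Frame")
watcher:RegisterEvent("PLAYER_REGEN_ENABLED") -- fires when the player leaves combat
watcher:SetScript("OnEvent", function()
    -- Swap the queue out so a re-deferred request never mutates the table
    -- that is being iterated.
    local queued = pending
    pending = {}
    for region, args in pairs(queued) do
        MyAddon_SafeSetPoint(region, unpack(args, 1, 5))
    end
end)
```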
Inaccessible objects
Introduced in Patch 10.1.0, inaccessible objects are entities for which a reference cannot be obtained through any object methods, and whose named identity may be obscured.
- Inaccessible regions are used by the Private Auras UI.
- At present there is no dedicated method through which a region can be tested for inaccessibility.
- The Object:GetDebugName() method will always return a string of the form "$parent.inaccessible", with ".inaccessible" being repeated for each inaccessible and unnamed parent object in the object tree.
- The Object:GetParentKey() method will always return nil.
- The Frame:GetChildren() and Frame:GetRegions() methods will never return inaccessible child objects even if the caller is secure.
Patch changes
- Patch 10.1.0 (2023-05-02): Added inaccessible objects.
- Patch 8.2.0 (2019-06-25): Added anchor restricted regions.
- Patch 5.4.0 (2013-09-10): Added forbidden objects.
- Patch 2.0.1 (2006-12-05): Added protected regions.