- UIDropDownMenu_GetSelectedID taints dropdown initialization
- Fixed in Patch 8.1.0.
- UIDropDownMenu displayMode taints dropdown initialization
- Not fixed. Avoided by idiomatic code.
- UIDropDownMenu_SetSelectedValue/_Refresh can taint execution
- Not fixed. Affects the Communities UI.
- UIDropDownMenu_Refresh accesses uninitialized buttons
- Not fixed. Affects the Interface Options Frame/CUFProfiles.
Taint errors require a specific iteration of addon, UIDropDownMenu, and other FrameXML code, and can be avoided by modifying one or more of these elements. In some cases, modifications to addon code are sufficient, while in others, insecure patches to UIDropDownMenu or FrameXML code are possible, mitigating the errors for specific code paths.
There may exist additional problematic interactions that have not been described here. For those cases, having a reliable test case to reproduce an error is helpful in identifying the issue.
While it is possible to replace all UIDropDownMenu usage in addons with custom code implementing similar functionality, this is only a complete solution if the addon does not interact with any other parts of FrameXML which do use UIDropDownMenu, including for example the Interface Options frame.