ESOUI

ESOUI (https://www.esoui.com/forums/index.php)
-   Lua/XML Help (https://www.esoui.com/forums/forumdisplay.php?f=175)
-   -   ZO_PostHook vs. SecurePostHook (https://www.esoui.com/forums/showthread.php?t=10133)

Phinix 04/05/22 08:24 AM
ZO_PostHook vs. SecurePostHook
 
Are there any differences in terms of actual behavior?

As I understand it SecurePostHook is just a modified method of ZO_PostHook ZOS added for instances where the later was causing "from insecure code" errors.

Are there any situations where ZO_PostHook would still be preferable?

Will they eventually remove ZO_PostHook or simply make it work like SecurePostHook if not?

Baertram 04/05/22 09:33 AM
>As I understand it SecurePostHook is just a modified method of ZO_PostHook ZOS added for instances where the later was causing "from insecure code" errors.

Yep, correct afaik.

I'm always using SecurePostHook meanwhile "just to be sure" and never had any trouble so far.
If this is correct -> ZOs needs to tell us.

I guess the correct way would be to always use ZO_PostHook until you get issues, or if you are working around the inventory or other "taintable"/"secured" code (there is no list what is potentially secured, afaik, before you ask! :( ) you should use SecurePostHook.

But intentionally this was designed for e.g. inventory related stuff where the addon code "tainted" the ZOs code before the inventory was fully build-up. There also were other use-cases but this is the one I remember.

btw:
I still ran into issues with that, e.g. if you posthook the PLAYER_INVETORY.inventories[...]list.SetupFunction (or RowSetupFunciton of the scroll list, dunnot the exact function name anymore):
If I used SecurePostHook or ZO_PostHook it still threw me errors later on upon destroying items, or even mouse over or keybind usage.
If I "overwrite" it with my own post hook function it works though...

Phinix 04/05/22 05:47 PM
Thanks, Baertram. :)

I'd been doing much the same, leaning towards preferring SecurePostHook, however lately I am finding myself taking more of a similar tact to what you describe, using ZO_PostHook where post hooking is needed unless it is something which touches any inventory (including character worn inventory) in any way. I feel I am still being pretty conservative, and SecurePostHook is there in case "insecure code" errors ever do pop up.

Baertram 04/06/22 01:36 AM
Oh btw. I also use them at crafting tables where possible. I experienced (at least with worn items at improvement e.g.) it also could throw insecure errors there but this is an pretty old experience and maybe "fixed" meanwhile, or was a coincidence of other inventory related hooks that were changed to SecurePostHook too meanwhile.


All times are GMT -6. The time now is 07:31 AM.

vBulletin © 2024, Jelsoft Enterprises Ltd
© 2014 - 2022 MMOUI