Remind me, is table itself tainted when you insecurely add/replace key/value pair?
 

I just noticed this familiar UI panel "click" every time I used AP item and since I was also working with Artifact API at the time, I immideately thought that someone is obviously scanning artifact on each update without disabling panel as they should. Search for SocketInventoryItem found that ExRT (Exorsus Raid Tools) was the culprit, but I also found following piece of code there:


So, as subject says, would that make any access to C_ArtifactUI itself tainted and bring all kind of funky errors in combat?

As far as I know, only things directly used in combat can be tainted. Since Artifact data isn't normally called on during combat, changing that table wouldn't cause a taint. That particular function replacement is to fix a Blizzard issue where arg1 returns nil upon startup, causing errors to any addon that loads and wants Artifact info due to the Artifact frame comparing the returns of that function to a number.

Taint spreads and does so no matter if you're in combat or not. Combat only makes problem visible - that's why I'm interested if it affects entire table or only GetTotalPurchasedRanks.

I'm not a fan of modyfing Blizzard functions at all, but If there's problem in UI function, why not monkey-patch that instead of data function?

Don't know, but I would guess not. Seems like insecurely hooking global functions would cause a whole lot of issues if that were the case. Unless maybe _G is treated differently somehow, and/or it would only be relevant if you explicitly use the _G variable. Frame methods are commonly replaced, as well. It just seems like there should have been a lot more issues going on.

You can test it by checking issecurevariable("C_ArtifactUI").