Re: NSSecureCoding & NSAttributedString
Re: NSSecureCoding & NSAttributedString
- Subject: Re: NSSecureCoding & NSAttributedString
- From: Quincey Morris <email@hidden>
- Date: Sat, 17 Feb 2018 21:12:06 -0800
On Feb 17, 2018, at 20:34 , Glenn L. Austin <email@hidden> wrote:
>
> Or encode/decode them using Coding, then encode/decode the resulting encoded
> attributed string data using SecureCoding.
Markus already said that archives exist with normally-encoded attributed
strings, so that precludes changing the archive format in the way you say.
But that does suggest a partial alternative. In the object that decodes the
attributed string, Markus can turn “usesSecureCoding” off for that decode only
(in the coder object, which has this property defined). This won’t be secure
against attacks via the objects *in* the attributed strings, but it would
protect the rest of the archive.
It might even work to @try/@catch the decode with the setting on, before
turning it off and retrying if an exception occurs, which would provide secure
coding for any macOS version that doesn’t have this bug.
But a bug report or a TSI seems like a prudent act before committing to a hacky
solution or giving up.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden