On Feb 17, 2018, at 20:34, Glenn L. Austin <gl...@austinsoft.com> wrote:
>
> Or encode/decode them using Coding, then encode/decode the resulting encoded
> attributed string data using SecureCoding.

Markus already said that archives exist with normally-encoded attributed strings, so that precludes changing the archive format in the way you say. But that does suggest a partial alternative.

In the object that decodes the attributed string, Markus can turn “usesSecureCoding” off for that decode only (in the coder object, which has this property defined). This won’t be secure against attacks via the objects *in* the attributed strings, but it would protect the rest of the archive. It might even work to @try/@catch the decode with the setting on, before turning it off and retrying if an exception occurs, which would provide secure coding for any macOS version that doesn’t have this bug.

But a bug report or a TSI seems like a prudent act before committing to a hacky solution or giving up.