+1

On Thu, Jan 29, 2015 at 3:24 PM, Robin Burchell <robin...@viroteck.net> wrote:
> Hi,
>
> Rationale: Text.AutoFormat is a terrible misfeature in almost every case out there.
>
> Design implications: In many cases in applications, a format is not specified, with the assumption that only plain text will ever be displayed because that is all it is ever tested with. In actuality, this is not the case: providing rich text will allow rich text to be displayed. This can break the appearance of the application (for instance, bolding a list item becomes possible when this may not be wanted as a design constraint).
>
> Security implications: There are two security implications here. Firstly, there is an issue when used in conjunction with another feature of QML: automatic loading of resources[1]. This can allow for resource usage in unexpected conditions (say, when on a mobile device), allow some degree of tracking of user behavior ("did this user get my message yet? better embed a 1x1 transparent gif in the image and find out"), etc. In the case of a bug in Qt's image format plugins or rich text handling, it could also escalate from being "annoying" to actually allowing attacks to take place.
>
> Performance implication: In addition to the security and design implications, it's also undesirable from another perspective: that of performance. Automatic detection and fallback implies a certain amount of resources.
>
> API design-wise, this is also not great. It's unexpected: you create a text element, you don't have any idea what you're going to get. If you turn on automatic detection or rich text, you explicitly have to make the choice to get either of those behaviors.
>
> It is worth noting that this behavior is present in the widget world (QLabel and friends), but slightly less problematic there (in that external loading is not possible). I have seen this be a problem quite a large number of times there, too, as I am sure many developers have[2], but changing the behavior of something that has existed for so much longer is something that I consider to not be well received, especially given the wide amount of codebase out there.
>
> tl;dr: I'd like to request a behavior break in QML's Text element. I would like to change the default value of Text::textFormat from Text.AutoText to Text.PlainText.
>
> Ideally, we could also provide tooling changes to help cover the migration, by warning in QQuickTextItem::setText if HTML was discovered and an explicit format had not been set, or perhaps in other custom tooling aids.
>
> Separately, we may want to look at a restriction on the loading of remote resources in Text. I can understand allowing remote URIs in Image, but Text seems like an unexpected behavior to me.
>
> BR,
> Robin
>
> (thanks go to Rich Moore for helping to proofread this proposal)
>
> [1]: QML example showing loading of an image from a remote source inside a text string.
>
> import QtQuick 2.0
>
> Item {
>     width: 500
>     height: width
>
>     Text {
>         text: "<img src='https://www.google.no/images/srpr/logo11w.png'>"
>     }
> }
>
> [2]: http://blog.qt.digia.com/blog/2011/10/04/security-considerations-regarding-qlabel-and-friends/
>
> _______________________________________________
> Development mailing list
> Development@qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development
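Added example, not part of the thread and not a Qt tool: a small heuristic lint in the spirit of the "custom tooling aids" Robin mentions for the migration. It scans QML source for `Text { ... }` elements that bind `text:` without setting `textFormat:` explicitly, i.e. elements that currently rely on the `Text.AutoText` default and would render markup (and trigger the resource loading in footnote [1]) if the bound value ever contains it. Everything here is assumed: the regex-based block matching is a heuristic rather than a QML parser, the sample QML is constructed for the demonstration, and `example.invalid` is a reserved placeholder host.

```python
# Added example (not Robin's code, not part of Qt): a heuristic lint that
# flags QML Text elements which bind `text:` without an explicit
# `textFormat:`. Such elements get the Text.AutoText default and will
# render markup (and load <img> resources) if the bound value contains it.
import re

TEXT_OPEN = re.compile(r"\bText\s*\{")            # start of a Text { ... } element
TEXT_FORMAT = re.compile(r"\btextFormat\s*:")     # an explicit format was chosen
TEXT_PROP = re.compile(r"(?<![\w.])text\s*:")     # the `text:` binding itself
# Markup that AutoText would switch to rich text for. A literal containing it
# usually means rich text was intended, so the author should say so explicitly.
MARKUP = re.compile(r"<\s*(img|a|b|i|font|br|p|html)\b", re.IGNORECASE)


def text_blocks(source):
    """Yield (line_number, body) for every `Text { ... }` element in `source`.

    Braces are matched with a plain depth counter; braces inside string
    literals or comments are not special-cased (acceptable for a lint).
    """
    for m in TEXT_OPEN.finditer(source):
        start = m.end()
        depth, i = 1, start
        while i < len(source) and depth:
            if source[i] == "{":
                depth += 1
            elif source[i] == "}":
                depth -= 1
            i += 1
        end = i - 1 if depth == 0 else i          # unterminated block: take the rest
        line = source.count("\n", 0, m.start()) + 1
        yield line, source[start:end]


def strip_nested(body):
    """Drop nested { ... } regions so a child's textFormat is not credited to the parent."""
    out, depth = [], 0
    for ch in body:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)


def lint(source):
    """Return one finding per Text element that binds text: without textFormat:."""
    findings = []
    for line, body in text_blocks(source):
        top = strip_nested(body)
        if TEXT_FORMAT.search(top) or not TEXT_PROP.search(top):
            continue
        findings.append({"line": line, "markup_in_literal": bool(MARKUP.search(top))})
    return findings


# Constructed sample QML, not taken from any real project.
SAMPLE_QML = """\
import QtQuick 2.0
Item {
    Text {
        text: message
    }
    Text {
        textFormat: Text.PlainText
        text: "<img src='http://example.invalid/pixel.gif'>"
    }
    Text {
        text: "<b>" + name + "</b>"
        Text { textFormat: Text.PlainText; text: "child" }
    }
}
"""

if __name__ == "__main__":
    for f in lint(SAMPLE_QML):
        hint = ("markup in literal: set textFormat: Text.RichText deliberately"
                if f["markup_in_literal"]
                else "set textFormat: Text.PlainText unless rich text is required")
        print(f"line {f['line']}: Text binds text: without textFormat: ({hint})")
```

On the sample, the first and third `Text` elements are reported (the third with `markup_in_literal` set, since its literal carries `<b>`), while the second and the nested child are accepted because they choose a format explicitly. Run over a code base, the report is the list of elements whose behaviour would change if the default ever flips, and, until then, the list of places where an explicit `textFormat` removes the ambiguity Robin describes.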