Re: NSSecureCoding & NSAttributedString

On Feb 19, 2018, at 10:32 , Markus Spoettl wrote: > > for the exact purpose of replacing classes Well, it’s not a cuckoo’s egg attack if the secure decoder is looking for the replacement cuckoo class, I guess. What still worries me is that you substitute with a class

Re: NSSecureCoding & NSAttributedString

On 2/19/18 18:56, Quincey Morris wrote: On Feb 19, 2018, at 01:42 , Markus Spoettl > wrote: I'm not sure where the NSAccessibility… keys are defined https://developer.apple.com/documentation/foundation/nsattributedstringkey I found

Re: NSSecureCoding & NSAttributedString

On Feb 19, 2018, at 01:42 , Markus Spoettl wrote: > > I'm not sure where the NSAccessibility… keys are defined https://developer.apple.com/documentation/foundation/nsattributedstringkey > I found a workaround for the problem for classes that are not

Re: NSSecureCoding & NSAttributedString

On 2/18/18 23:26, Quincey Morris wrote: I dunno. I always though of the attributes as something extensible, but I guess they’re not really. (They can’t be, in NSAttributedString is an interchange format between apps.) Looking at the documented list, I would be worried about NSTextAttachment,

Re: NSSecureCoding & NSAttributedString

FYI, you can define your own attributes using your own keys and values not defined by the frameworks, and the frameworks will ignore them from the standpoint of drawing. In one app, I used an attribute to add a time stamp to a run of text and overrode the glyph drawing so that when my code saw

Re: NSSecureCoding & NSAttributedString

On Feb 18, 2018, at 14:27 , Markus Spoettl wrote: > > yet this works (don't know why) I did this in Swift (so I could use a playground): > print (NSTextTab.self.conforms (to: NSSecureCoding.self)) // true > print (NSTextList.self.conforms (to: NSSecureCoding.self)) //

Re: NSSecureCoding & NSAttributedString

On 2/18/18 23:01, Markus Spoettl wrote: As for additional NSAttributeString "companion" classes, I'm still open for suggestions. Sure enough I found other pulprits: NSTextList and NSShadow. According to the header, NSTextList does not conform to NSSecureCoding, yet this works (don't know

Re: NSSecureCoding & NSAttributedString

On Feb 18, 2018, at 14:01 , Markus Spoettl wrote: > > Arrays are easy to enforce but dictionaries are really a weak spot. For > starters you can't define which classes are acceptable as keys and which as > values. What if you have collection classes as values, what

Re: NSSecureCoding & NSAttributedString

On 2/18/18 22:02, Quincey Morris wrote: On Feb 18, 2018, at 10:30 , Markus Spoettl > wrote: The decoder isn't terribly concerned with where the individual classes will occur, just that they might. I was going to reply that it’s

Re: NSSecureCoding & NSAttributedString

On Feb 18, 2018, at 10:30 , Markus Spoettl wrote: > > The decoder isn't terribly concerned with where the individual classes will > occur, just that they might. I was going to reply that it’s stupid that it behaves like this, but I guess it makes some sense after

Re: NSSecureCoding & NSAttributedString

On 2/18/18 06:12, Quincey Morris wrote: On Feb 17, 2018, at 20:34 , Glenn L. Austin wrote: Or encode/decode them using Coding, then encode/decode the resulting encoded attributed string data using SecureCoding. Markus already said that archives exist with

Re: NSSecureCoding & NSAttributedString

On Feb 17, 2018, at 20:34 , Glenn L. Austin wrote: > > Or encode/decode them using Coding, then encode/decode the resulting encoded > attributed string data using SecureCoding. Markus already said that archives exist with normally-encoded attributed strings, so that

Re: NSSecureCoding & NSAttributedString

Also, you don't *have* to use SecureCoding if you're using attributed strings. Or encode/decode them using Coding, then encode/decode the resulting encoded attributed string data using SecureCoding. -- Glenn L. Austin, Computer Wizard, AustinSoft.com > On Feb 17, 2018, at 5:27 PM, Alex

Re: NSSecureCoding & NSAttributedString

What about the option mentioned before of converting to another type, RTF, and handling that? > On Feb 17, 2018, at 3:37 PM, Markus Spoettl wrote: > > On 2/16/18 23:58, Quincey Morris wrote: >> On Feb 16, 2018, at 14:13 , Markus Spoettl

Re: NSSecureCoding & NSAttributedString

On 2/16/18 23:58, Quincey Morris wrote: On Feb 16, 2018, at 14:13 , Markus Spoettl wrote: how can I go about decoding NSAttributedString I just tried in a playground, and the problem is in NSParagraphStyle, not NSAttributedString. It looks like it falls foul of the

Re: NSSecureCoding & NSAttributedString

On 2/16/18 23:58, Quincey Morris wrote: On Feb 16, 2018, at 14:13 , Markus Spoettl wrote: how can I go about decoding NSAttributedString I just tried in a playground, and the problem is in NSParagraphStyle, not NSAttributedString. It looks like it falls foul of the

Re: NSSecureCoding & NSAttributedString

> On Feb 16, 2018, at 4:51 PM, Quincey Morris > wrote: > > Unless someone has a bright idea, I don’t any way around concluding that > NSAttributedString can’t be used with NSSecureCoding. You could encode the NSAttributedString as RTF, which is trivially

Re: NSSecureCoding & NSAttributedString

On Feb 16, 2018, at 15:58 , Alex Zavatone wrote: > > So, splitting the solution into separate archival and unarchiving into 2 > sections, where the unsupported classes are handled separately is the ugly > but required path to take? It’s hard to say in general, because having

Re: NSSecureCoding & NSAttributedString

> On Feb 16, 2018, at 5:17 PM, Quincey Morris > wrote: > > On Feb 16, 2018, at 15:06 , Alex Zavatone > wrote: >> >> do you think that this be a case when it’s best to encrypt the strings >> yourself with an HMac256

Re: NSSecureCoding & NSAttributedString

On Feb 16, 2018, at 15:06 , Alex Zavatone wrote: > > do you think that this be a case when it’s best to encrypt the strings > yourself with an HMac256 method on the attributed strings? There’s no actual encryption in NSSecureCoding, it’s just about making sure that malicious

Re: NSSecureCoding & NSAttributedString

Quincy, do you think that this be a case when it’s best to encrypt the strings yourself with an HMac256 method on the attributed strings? > On Feb 16, 2018, at 4:58 PM, Quincey Morris > wrote: > > On Feb 16, 2018, at 14:13 , Markus Spoettl

Re: NSSecureCoding & NSAttributedString

On Feb 16, 2018, at 14:13 , Markus Spoettl wrote: > > how can I go about decoding NSAttributedString I just tried in a playground, and the problem is in NSParagraphStyle, not NSAttributedString. It looks like it falls foul of the known secure coding issue about

NSSecureCoding & NSAttributedString

Hi there, I have an app that stores - among other things - NSAttributedStrings. In the process of converting the -initWithCoder: methods to NSSecureCoding I'm now hitting something I don't know how to handle. What I do is the following and it works (notes is an NSAttributedString * field