Cocoanetics / DTCoreText

Methods to allow using HTML code with CoreText
BSD 2-Clause "Simplified" License

Fix Unsafe Style Parsing #1282

Closed cameronehrlich closed 3 months ago

cameronehrlich commented 3 months ago

Hello!

We have identified a crash in production caused by malformed CSS styling in the HTML being rendered. The issue arises from calling lowercaseString on an object expected to be an NSString, but which is actually an NSMutableArray.

The crash can be observed in the following screenshots:

[Three screenshots of the crash, two of them captured 2024-08-06; images not included]

My proposed fix is straightforward. I have updated the code so that the call to lowercaseString on [style objectForKey: @"border-radius"] is made only after the NSString type check. This resolves the crash for us.

Best,

~ Cameron
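
The failure mode described in the comment above, as an added example that is not part of the pull request or of DTCoreText's code: sending `lowercaseString` to a style value before checking its class raises an exception when the value is an array, while checking first rejects it cleanly. The helper name `LowercasedStyleValue` and both sample dictionaries are constructed for illustration.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper, not a DTCoreText function: returns the lowercased
// value for `key`, or nil when the stored value is not an NSString.
static NSString *LowercasedStyleValue(NSDictionary *styles, NSString *key)
{
    id value = [styles objectForKey:key];
    // Check the class before sending any NSString-only message.
    if (![value isKindOfClass:[NSString class]]) {
        return nil;
    }
    return [(NSString *)value lowercaseString];
}

int main(void)
{
    @autoreleasepool {
        // Constructed sample dictionaries standing in for parsed CSS styles.
        NSDictionary *wellFormed = @{ @"border-radius" : @"10PX" };
        NSDictionary *malformed = @{
            @"border-radius" : [NSMutableArray arrayWithObjects:@"10PX", @"5PX", nil]
        };

        // Unsafe order: message first, type check never reached.
        @try {
            NSString *radius = [[malformed objectForKey:@"border-radius"] lowercaseString];
            NSLog(@"unchecked: %@", radius);
        } @catch (NSException *exception) {
            // NSInvalidArgumentException: unrecognized selector sent to instance
            NSLog(@"unchecked call raised %@", exception.name);
        }

        // Checked order: the array is rejected, the string is lowercased.
        NSLog(@"checked, malformed: %@", LowercasedStyleValue(malformed, @"border-radius"));
        NSLog(@"checked, well-formed: %@", LowercasedStyleValue(wellFormed, @"border-radius"));
    }
    return 0;
}
```

The `@try` block is there only to make the exception visible; in an app that does not catch it, the same call terminates the process.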

cameronehrlich commented 3 months ago

Hey @odrobnik, can I get a PR review?

odrobnik commented 3 months ago

Thanks for the fix! Looks good!

cameronehrlich commented 3 months ago

@odrobnik what's the process for cutting a new release?

odrobnik commented 3 months ago

I just do it when I have time

cameronehrlich commented 2 months ago

Okay 👍

odrobnik commented 2 months ago

The new release has been released: https://www.cocoanetics.com/2024/09/dtcoretext-1-6-28/

Again, thanks for your contributions!