search

danielsaidi / RichTextKit

RichTextKit is a Swift SDK that helps you use rich text in Swift and SwiftUI.
MIT License
950 stars 126 forks source link

Investigate secure coding when archiving with NSKeyedArchiver #58

Open danielsaidi opened 1 year ago

danielsaidi commented 1 year ago

When the RichTextDataReader uses NSKeyedArchiver to generate archived data, it doesn't use secure coding. This can lead to errors when the file is unarchived.

For instance, this error was suddenly thrown after editing a file:

UserInfo={NSDebugDescription=value for key 'NS.objects' was of unexpected class 'AFAnalyticsTurnBasedInstrumentationContext' (0x210af22a8) [/System/Library/PrivateFrameworks/AssistantServices.framework].

This seems to be caused by some private frameworks, but we still have to handle it somehow.

We can try to change this RichTextDataReader function:

func richTextArchivedData() throws -> Data {
    try NSKeyedArchiver.archivedData(
        withRootObject: richText,
        requiringSecureCoding: false
    )
}

to use secure coding, but we then have to make sure that the invalid content doesn't cause the archive to fail.