RichTextKit icon indicating copy to clipboard operation
RichTextKit copied to clipboard
verified publisher icon danielsaidi

Investigate secure coding when archiving with NSKeyedArchiver

Open danielsaidi opened this issue 2 years ago • 1 comments

When the RichTextDataReader uses NSKeyedArchiver to generate archived data, it doesn't use secure coding. This can lead to errors when the file is unarchived.

For instance, this error was suddenly thrown after editing a file:

UserInfo={NSDebugDescription=value for key 'NS.objects' was of unexpected class 'AFAnalyticsTurnBasedInstrumentationContext' (0x210af22a8) [/System/Library/PrivateFrameworks/AssistantServices.framework].

This seems to be caused by some private frameworks, but we still have to handle it somehow.

We can try to change this RichTextDataReader function:

func richTextArchivedData() throws -> Data {
    try NSKeyedArchiver.archivedData(
        withRootObject: richText,
        requiringSecureCoding: false
    )
}

to use secure coding, but we then have to make sure that the invalid content doesn't cause the archive to fail.

danielsaidi avatar Jun 14 '23 14:06 danielsaidi

I have this issue in my app

DavidAlvarezDev avatar Dec 07 '24 19:12 DavidAlvarezDev