[Development] Requesting a break in behavior in QML Text element

Robin Burchell robin+qt at viroteck.net
Thu Jan 29 23:24:51 CET 2015


Hi,

Rationale: Text.AutoFormat is a terrible misfeature in almost every
case out there.

Design implications: In many cases in applications, a format is not
specified, with the assumption that only plain text will ever be
displayed because that is all it is ever tested with. In actuality,
this is not the case: providing rich text will allow rich text to be
displayed. This can break the appearance of the application (for
instance, bolding a list item becomes possible when this may not be
wanted as a design constraint).

Security implications: There are two security implications here.
Firstly, there is an issue when used in conjunction with another
feature of QML: automatic loading of resources[1]. This can allow for
resource usage in unexpected conditions (say, when on a mobile
device), allow some degree of tracking of user behavior ("did this
user get my message yet? better embed a 1x1 transparent gif in the
image and find out"), etc. In the case of a bug in Qt's image format
plugins or rich text handling, it could also escalate from being
"annoying" to actually allowing attacks to take place.

Performance implication: In addition to the security and design
implications, it's also undesirable from another perspective: that of
performance. Automatic detection and fallback implies a certain amount
of resources.

API design-wise, this is also not great. It's unexpected: you create a
text element, you don't have any idea what you're going to get. If you
turn on automatic detection or rich text, you explicitly have to make
the choice to get either of those behaviors.

It is worth noting that this behavior is present in the widget world
(QLabel and friends), but slightly less problematic there (in that
external loading is not possible). I have seen this be a problem quite
a large number of times there, too, as I am sure many developers
have[2], but changing the behavior of something that has existed for
so much longer is something that I consider to not be well received,
especially given the wide amount of codebase out there.

tl;dr: I'd like to request a behavior break in QML's Text element. I
would like to change the default value of Text::textFormat from
Text.AutoText to Text.PlainText.

Ideally, we could also provide tooling changes to help cover the
migration, by warning in QQuickTextItem::setText if HTML was
discovered and an explicit format had not been set, or perhaps in
other custom tooling aids.

Separately, we may want to look at a restriction on the loading of
remote resources in Text. I can understand allowing remote URIs in
Image, but Text seems like an unexpected behavior to me.

BR,
Robin

(thanks go to Rich Moore for helping to proofread this proposal)

[1]: QML example showing loading of an image from a remote source
inside a text string.
import QtQuick 2.0

Item {
    width: 500
    height: width

    Text {
        // textFormat is not set, so the default (Text.AutoText) sniffs the
        // string as rich text and the <img> tag triggers a remote fetch.
        text: "<img src='https://www.google.no/images/srpr/logo11w.png'>"
    }
}

[2]: http://blog.qt.digia.com/blog/2011/10/04/security-considerations-regarding-qlabel-and-friends/
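Added illustration, not part of Robin's post: the footnote [1] payload rendered under today's default beside the proposed default (an explicit Text.PlainText). The Column layout, the id and the sample string are constructed for this example.

```qml
import QtQuick 2.0

// Two Text items showing the same untrusted string; only textFormat differs.
Column {
    id: root
    width: 500
    spacing: 8

    // Constructed sample of untrusted input, e.g. a message written by another user.
    readonly property string untrusted:
        "<img src='https://www.google.no/images/srpr/logo11w.png'> hello"

    // Current default: textFormat is Text.AutoText, so the string is sniffed as
    // rich text, the <img> element is honoured and the remote URL is fetched as
    // soon as the item is laid out.
    Text {
        width: root.width
        text: root.untrusted
    }

    // Proposed default, set explicitly here: Text.PlainText shows the markup as
    // literal characters. No HTML parsing and no resource loading take place,
    // whatever the content of the string.
    Text {
        width: root.width
        textFormat: Text.PlainText
        wrapMode: Text.Wrap
        text: root.untrusted
    }
}
```

The second item is the only one that is safe to feed with content from outside the application; the first is what every Text element that never sets textFormat does today.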