[Development] Requesting a break in behavior in QML Text element

Jeremy Whiting jpwhiting at kde.org
Thu Jan 29 23:33:45 CET 2015


+1

On Thu, Jan 29, 2015 at 3:24 PM, Robin Burchell <robin+qt at viroteck.net>
wrote:

> Hi,
>
> Rationale: Text.AutoFormat is a terrible misfeature in almost every
> case out there.
>
> Design implications: In many cases in applications, a format is not
> specified, with the assumption that only plain text will ever be
> displayed because that is all it is ever tested with. In actuality,
> this is not the case: providing rich text will allow rich text to be
> displayed. This can break the appearance of the application (for
> instance, bolding a list item becomes possible when this may not be
> wanted as a design constraint)
>
> Security implications: There are two security implications here.
> Firstly, there is an issue when used in conjunction with another
> feature of QML: automatic loading of resources[1]. This can allow for
> resource usage in unexpected conditions (say, when on a mobile
> device), allow some degree of tracking of user behavior ("did this
> user get my message yet? better embed a 1x1 transparent gif in the
> image and find out"), etc. In the case of a bug in Qt's image format
> plugins or rich text handling, it could also escalate from being
> "annoying" to actually allowing attacks to take place.
>
> Performance implication: In addition to the security and design
> implications, it's also undesirable from another perspective: that of
> performance. Automatic detection and fallback implies a certain amount
> of resources.
>
> API design-wise, this is also not great. It's unexpected: you create a
> text element, you don't have any idea what you're going to get. If you
> turn on automatic detection or rich text, you explicitly have to make
> the choice to get either of those behaviors.
>
> It is worth noting that this behavior is present in the widget world
> (QLabel and friends), but slightly less problematic there (in that
> external loading is not possible). I have seen this be a problem quite
> a large number of times there, too, as I am sure many developers
> have[2], but changing the behavior of something that has existed for
> so much longer is something that I consider to not be well received,
> especially given the wide amount of codebase out there.
>
> tl;dr: I'd like to request a behavior break in QML's Text element. I
> would like to change the default value of Text::textFormat from
> Text.AutoText to Text.PlainText.
>
> Ideally, we could also provide tooling changes to help cover the
> migration, by warning in QQuickTextItem::setText if HTML was
> discovered and an explicit format had not been set, or perhaps in
> other custom tooling aids.
>
> Separately, we may want to look at a restriction on the loading of
> remote resources in Text. I can understand allowing remote URIs in
> Image, but Text seems like an unexpected behavior to me.
>
> BR,
> Robin
>
> (thanks go to Rich Moore for helping to proofread this proposal)
>
> [1]: QML example showing loading of an image from a remote source
> inside a text string.
> import QtQuick 2.0
>
> Item {
>     width: 500
>     height: width
>
>     Text {
>         text: "<img src='https://www.google.no/images/srpr/logo11w.png'>"
>     }
> }
>
> [2]:
> http://blog.qt.digia.com/blog/2011/10/04/security-considerations-regarding-qlabel-and-friends/
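A static check in the spirit of the migration tooling the proposal asks for, as an added example that is not part of the original messages or of Qt: a small Python scanner that flags QML `Text` elements with no explicit `textFormat`, and notes whether their body already contains a markup-looking literal. The function names, the tag heuristic, the sample QML (built from example [1] above) and the `message` property are assumptions made for illustration.

```python
import re

TEXT_OPEN = re.compile(r'(?<![\w.])Text\s*\{')  # "Text {", but not "Foo.Text" or "MyText"
MARKUP_HINT = re.compile(r'<\s*(img|a|b|i|font|br|p|span)\b', re.I)  # heuristic tag list

def _block_end(src, start):
    """Index just past the '}' matching the '{' at src[start].
    Skips string literals and // comments; /* */ comments are not handled."""
    depth, i, quote = 0, start, None
    while i < len(src):
        c = src[i]
        if quote:
            if c == '\\':
                i += 1                      # skip the escaped character
            elif c == quote:
                quote = None
        elif src.startswith('//', i):
            nl = src.find('\n', i)
            i = nl if nl >= 0 else len(src)
        elif c in '"\'':
            quote = c
        elif c == '{':
            depth += 1
        elif c == '}':
            depth -= 1
            if depth == 0:
                return i + 1
        i += 1
    return len(src)

def find_implicit_format(src):
    """Return [(line, has_markup_literal)] for Text elements without textFormat."""
    findings = []
    for m in TEXT_OPEN.finditer(src):
        brace = m.end() - 1
        body = src[brace:_block_end(src, brace)]
        if re.search(r'\btextFormat\s*:', body):
            continue                        # format chosen explicitly: nothing to flag
        line = src.count('\n', 0, m.start()) + 1
        findings.append((line, bool(MARKUP_HINT.search(body))))
    return findings

# Constructed sample: one element from example [1], one hardened, one bound to data.
SAMPLE = '''import QtQuick 2.0
Item {
    Text { text: "<img src='https://www.google.no/images/srpr/logo11w.png'>" }
    Text { textFormat: Text.PlainText; text: message }
    Text { text: message }  // message: hypothetical untrusted property
}
'''
```

Elements flagged without a markup literal are the ones to review first when `text` is bound to data the application does not control, since their rendering depends on whatever arrives at runtime.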

