<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - We should also store the time information for recent searches"
href="https://bugs.webkit.org/show_bug.cgi?id=148388#c42">Comment # 42</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - We should also store the time information for recent searches"
href="https://bugs.webkit.org/show_bug.cgi?id=148388">bug 148388</a>
from <span class="vcard"><a class="email" href="mailto:zacharyli323@gmail.com" title="Zach Li <zacharyli323@gmail.com>"> <span class="fn">Zach Li</span></a>
</span></b>
<pre>(In reply to <a href="show_bug.cgi?id=148388#c40">comment #40</a>)
<span class="quote">> (In reply to <a href="show_bug.cgi?id=148388#c28">comment #28</a>)
> > Comment on <span class="bz_obsolete"><a href="attachment.cgi?id=262212&action=diff" name="attach_262212" title="Patch v4">attachment 262212</a> <a href="attachment.cgi?id=262212&action=edit" title="Patch v4">[details]</a></span>
> > Patch v4
> >
> >
> > This function is dangerous. It returns a newly created Objective-C object,
> > but doesn’t use autorelease, nor wrap the pointer in a RetainPtr, nor does
> > it follow the create/copy rule for naming functions that create new objects
> > without autoreleasing them. I suggest using RetainPtr for the result here so
> > we don’t leak memory.
> >
> > I’m also not sure that [NSMutableDictionary initWithContentsOfFile:] is safe
> > to use on an untrusted file. We need to instead use an appropriate API that
> > doesn’t allow objects of arbitrary classes.
>
> I agree. This should use NSPropertyListSerialization, and pass
> NSPropertyListMutableContainersAndLeaves for its mutability options.</span >
I think NSPropertyListMutableContainers will suffice, which is what [NSMutableDictionary initWithContentsOfFile:] will pass to NSPropertyListSerialization. We do not need things like NSString in the plist to be guaranteed to be mutable; we just need the containers to be guaranteed mutable.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>