Archive for January 30, 2023

Monday, January 30, 2023

Using JavaScript in a Swift App

Douglas Hill:

If you’re writing an iOS app using Swift and trying to solve a problem you’re sure has been solved before, you may look for existing code that solves that problem. It’s likely you’ll first think of looking for open source code written in Swift[…] However, we don’t need to limit ourselves to Swift. […] In this article, we’ll look at how to call JavaScript code from Swift using JavaScriptCore.


This sort of code is inviting code injection security vulnerabilities. Instead, we can set our input URL as a variable in the JavaScript environment and then reference it by name.

JSContext lets us read variables (in Swift) from JavaScript using objectForKeyedSubscript(_:) and set variables using setObject(_:forKeyedSubscript). Oddly, this API is nicer to use in Objective-C since these map to subscript syntax so you can read and set values like in a dictionary. Subscript syntax doesn’t seem to work in Swift here.

Safari Safe Browsing Blocks GitLab in Hong Kong

Sam Biddle (tweet, via Tim Sweeney):

When Safari users in Hong Kong recently tried to load the popular code-sharing website GitLab, they received a strange warning instead: Apple’s browser was blocking the site for their own safety. The access was temporarily cut off thanks to Apple’s use of a Chinese corporate website blacklist, which resulted in the innocuous site being flagged as a purveyor of misinformation. Neither Tencent, the massive Chinese firm behind the web filter, nor Apple will say how or why the site was censored.


The episode raises thorny questions about privatized censorship done in the name of “safety” — questions that neither company seems interested in answering: How does Tencent decide what’s blocked? Does Apple have any role? Does Apple condone Tencent’s blacklist practices?


The block came as a particular surprise to Ka-cheong and other Hong Kong residents because Apple originally said the Tencent blocklist would be used only for Safari users inside mainland China. According to a review of the Internet Archive, however, sometime after November 24, 2022, Apple quietly edited its Safari privacy policy to note that the Tencent blacklist would be used for devices in Hong Kong as well. (Haija, the Apple spokesperson, did not respond when asked when or why Apple expanded the use of Tencent’s filter to Hong Kong.)


The block on GitLab would not be the first time Tencent deemed a foreign website “dangerous” for apparently ideological reasons. In 2020, attempts to visit the official website of Notepad++, a text editor app whose French developer had previously issued a statement of solidarity with Hong Kong dissidents, were blocked for users of Tencent web browsers, again citing safety.


Switching on iCloud Photos

Matthias Gansrigler:

65 photos were unable to upload, according to Photos on my Mac. Why? I couldn’t honestly tell you. Photos didn’t tell me. It should have, if you ask me. I’d have liked to know. And there’s no way to retry to sync those photos with iCloud. They’re just in the “Unable to Upload” smart-album forever.

Albeit, a bit of online research reveals an Apple support document with one of the weirdest and Apple-unlike solutions to a problem I’ve ever come across:

Step 1: Export the photos in question “unmodified” to a folder on your disk.
Step 2: Delete them from Photos (scary)
Step 3: Import those photos you just exported into Photos again to retry their syncing.

It worked (mostly), but still, why can’t I just do this in Photos itself?


An interesting tidbit: All my synced devices show a different photo count.


DOJ Accuses Google of Abusing Ads Monopoly

David McCabe and Nico Grant (via Hacker News):

The Justice Department and a group of states sued Google on Tuesday, accusing it of illegally abusing a monopoly over the technology that powers online advertising, in the agency’s first antitrust lawsuit against a tech giant under President Biden and an escalation in legal pressure on one of the world’s biggest internet companies.

The lawsuit said Google had “corrupted legitimate competition in the ad tech industry by engaging in a systematic campaign to seize control of the wide swath of high-tech tools used by publishers, advertisers and brokers, to facilitate digital advertising.” The lawsuit asked the U.S. District Court for the Eastern District of Virginia to force Google to sell its suite of ad technology products and stop the company from engaging in allegedly anticompetitive practices.


NSURLSession Connection Leak

Jeff Johnson:

What it doesn’t tell you is that if you don’t invalidate the session (via finishTasksAndInvalidate or invalidateAndCancel), then the internet connection created by the session remains open until the app terminates, even after the delegate method URLSession:task:didCompleteWithError: has been called, and even after the app’s code no longer has a strong reference to the session. It’s more than just a potential memory leak.


The NSURLSession API seems peculiar, because you would expect URLSession:task:didCompleteWithError: to be, you know, the end. Shouldn’t you be able to freely (pun intended) dispose of the connection at that point? The reality, however, is that you need to invalidate every used session.