Hi, > Just in case if someone will be looking for solution - I've managed to > eliminate all the sensitive data from memory on closing particular QML > screen without sacrificing existing architecture. The secret is pretty > simple: just avoid situations when QString-s gets copied into JS > strings: > > 1. Do not use QJsonArray as the model for QML, use QVariantList as the > replacement instead. At least because QVariantList of QVariants of > QStrings allows an access to QString if required. > 2. Use Quick Controls 2 because they are implemented in C++ and thus > doesn't result in creation of JS strings > 3. On destruction of Quick Controls pass properties like 'text', > 'displayText' etc to C++ where const_cast and nullify > implicitly-shared buffer. > Bonus: QJsonDocument provides nice 'rawData' function allowing to > cleanup its internals if required.
I can _not_ recommend this approach. The string may get copied internally in many places. Bindings may be evaluated as JavaScript, necessitating a JavaScript string representation. The visual representation of the string may be generated at some point, passing the string through layers of rendering code. The string has to be assembled from input somehow, potentially by re-allocating and expanding a buffer as you type. The old buffer will not be erased, and the input events may be allocated and deleted on the heap, without erasing them before deletion. You can _not_ be sure that the string is completely erased from memory after theses steps. And obviously const_cast'ing and nullifying a string is not thread safe. If you are running a threaded render loop, for example, you may just have created a race condition. regards, Ulf _______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
