Merge commit from fork

* Clear braille when the session is locked

* Updated changes

* Fix spelling error in docstring.

Co-authored-by: Sean Budd <sean@nvaccess.org>

* Refactor

* Use _dismissMessage instead of manually resetting message buffer

* Update changes

---------

Co-authored-by: Sean Budd <sean@nvaccess.org>

Author: SaschaCowley

source/braille.py

@@ -65,7 +65,7 @@
 import queueHandler
 import brailleViewer
 from autoSettingsUtils.driverSetting import BooleanDriverSetting, NumericDriverSetting
-from utils.security import objectBelowLockScreenAndWindowsIsLocked
+from utils.security import objectBelowLockScreenAndWindowsIsLocked, post_sessionLockStateChanged
 from textUtils import isUnicodeNormalized, UnicodeNormalizationOffsetConverter
 import hwIo
 from editableText import EditableText
@@ -2412,6 +2412,7 @@ def __init__(self):
 		self.queuedWriteLock = threading.Lock()
 		self.ackTimerHandle = winKernel.createWaitableTimer()
 
+		post_sessionLockStateChanged.register(self._onSessionLockStateChanged)
 		brailleViewer.postBrailleViewerToolToggledAction.register(self._onBrailleViewerChangedState)
 		# noqa: F401 avoid module level import to prevent cyclical dependency
 		# between speech and braille
@@ -2435,6 +2436,7 @@ def terminate(self):
 			self._cursorBlinkTimer.Stop()
 			self._cursorBlinkTimer = None
 		config.post_configProfileSwitch.unregister(self.handlePostConfigProfileSwitch)
+		post_sessionLockStateChanged.unregister(self._onSessionLockStateChanged)
 		if self.display:
 			self.display.terminate()
 			self.display = None
@@ -2445,6 +2447,21 @@ def terminate(self):
 			self.ackTimerHandle = None
 		louisHelper.terminate()
 
+	def _clearAll(self) -> None:
+		"""Clear the braille buffers and update the braille display."""
+		self.mainBuffer.clear()
+		if self.buffer is self.messageBuffer:
+			self._dismissMessage(False)
+		self.update()
+
+	def _onSessionLockStateChanged(self, isNowLocked: bool):
+		"""Clear the braille buffers and update the braille display to prevent leaking potentially sensitive information from a locked session.
+
+		:param isNowLocked: True if the session is now locked; false if it is now unlocked.
+		"""
+		if isNowLocked:
+			self._clearAll()
+
 	table: brailleTables.BrailleTable
 	"""Type definition for auto prop '_get_table/_set_table'"""
 

user_docs/en/changes.md

@@ -69,6 +69,13 @@ Prefix matching on command line flags, e.g. using `--di` for `--disable-addons`
   * By default, "Speak typed characters" is now set to "Only in edit controls".
 * The silence at the beginning of speech will now be trimmed when using OneCore voices, SAPI5 voices, and some third-party voice add-ons to improve their responsiveness. (#17614, @gexgd0419)
 
+### Security Fixes
+
+Please responsibly disclose security issues following NVDA's [security policy](https://github.com/nvaccess/nvda/blob/master/security.md).
+
+* Prevents showing potentially sensitive information on braille displays when the device is locked.
+([GHSA-8f8q-2jc3-6rf4](https://github.com/nvaccess/nvda/security/advisories/GHSA-8f8q-2jc3-6rf4))
+
 ### Bug Fixes
 
 * NVDA will no longer crash when selecting all text in certain source files in Android Studio or IntelliJ Idea. (#17418, @thgcode)