1

I'm using Xcode 4.6. My app is working on the device and the simulator, but I get a warning when building:

"Format string is not a string literal (potentially insecure)"

from this code

```objc
[sArray addObject:[NSString stringWithFormat:subCatName]];

l.text = [spacing stringByAppendingFormat:[mArray objectAtIndex:section]];
```

Why, and how do I fix it?

jscs
Ram

1 Answer

8

Since you are not actually formatting a string, do this:

```objc
[sArray addObject:subCatName];

l.text = [spacing stringByAppendingString:[mArray objectAtIndex:section]];
```

For some reason, NSString stringWithFormat: is one of the most overused methods I see on SO. It should only be used when you are actually formatting a string with one or more variables being placed into the final string.

rmaddy
  • 4
    +1 for "one of the most overused methods"! – Martin R Apr 17 '13 at 05:26
  • 2
    @MartinR I'd love to know the source of this overuse. There must be some online courses or books that incorrectly teach its use. – rmaddy Apr 17 '13 at 05:27
  • @rmaddy: You are correct. +1 – Ram Apr 17 '13 at 05:35
  • One reason for using `stringWithFormat` might be that it works with arbitrary objects (calling `description` implicitly). But often this hides the actual problem instead of being really useful. – Martin R Apr 17 '13 at 06:03
  • @MartinR But `description` is not called on the first argument to `stringWithFormat:`. The first argument must be an `NSString`, not an arbitrary object. – rmaddy Apr 17 '13 at 06:07
  • Yes you are right. That was more a general remark but does not apply in this case. – Martin R Apr 17 '13 at 06:09
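
Why the compiler flags the original calls, as an added example that is not part of the question or the answer: when a variable is passed as the format string, any `%` sequence inside it is parsed as a conversion specifier with no matching argument. The sample names and the helper `SectionTitle` are constructed for illustration; the variable names follow the question.

```objc
#import <Foundation/Foundation.h>

// Hypothetical helper (not from the original post): builds a section title
// while treating the value strictly as data. The format string is a literal,
// so '%' characters inside the value are never interpreted. %@ calls
// -description, which also covers non-string objects.
static NSString *SectionTitle(NSString *spacing, id value) {
    return [spacing stringByAppendingFormat:@"%@", value];
}

int main(void) {
    @autoreleasepool {
        // Constructed sample data: category names that contain '%' sequences,
        // as they might if they came from user input or a server response.
        NSArray *mArray = @[@"Shoes", @"100% cotton", @"Sale %d%% off", @"Gifts %@"];
        NSMutableArray *sArray = [NSMutableArray array];
        NSString *spacing = @"   ";

        for (NSString *subCatName in mArray) {
            // Warned form from the question (clang: -Wformat-security):
            //   [sArray addObject:[NSString stringWithFormat:subCatName]];
            // With "Sale %d%% off" the %d reads an int that was never passed;
            // with "Gifts %@" the %@ treats stray memory as an object pointer.
            // Both are undefined behaviour, typically garbage output or a crash.

            // Fix 1: nothing is being formatted, so store the string itself.
            [sArray addObject:subCatName];

            // Fix 2: plain concatenation, as in the answer.
            NSString *viaAppend = [spacing stringByAppendingString:subCatName];

            // Fix 3: when formatting is really needed, keep the format literal.
            NSString *viaFormat = SectionTitle(spacing, subCatName);

            // Both safe forms yield the same text, '%' characters intact.
            NSCAssert([viaAppend isEqualToString:viaFormat], @"safe forms must agree");
            NSLog(@"%@", viaFormat);
        }
    }
    return 0;
}
```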