Archive for April 14, 2006

Friday, April 14, 2006

KVC Injection

Fraser Speirs:

Somewhere in Aperture, it’s reading the keywords on an iPhoto image, composing a keypath from the bare string of the keyword and calling -valueForKeyPath: with that string. Further, the “@” sign has a special meaning in Key-Value Coding—it signifies an array operator—so instead of accessing the keypath “photo.keywords.Flickr,” the keypath might be “photo.keywords.@Flickr” and “@Flickr” is not a supported array or set operator in KVC.