发表新帖
发表新帖

HTML entity encoding (convert '<' to '<') on iPhone in objective-c

后端 未结
关注
6 1196
忘了有多久
忘了有多久 2020-12-09 11:19

I\'m developing an application for the iPhone that has inApp-mail sending capabilities. So far so good, but now I want to avoid html-injections as some parts of the mail are

相关标签:
6条回答
  • 别跟我提以往
    2020-12-09 11:55

    Thanks @all. I ended up using my own implementation:

    //
// _________________________________________
//
// textToHtml
// _________________________________________
//
- (NSString*)textToHtml:(NSString*)htmlString {
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"&"  withString:@"&amp;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"<"  withString:@"&lt;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@">"  withString:@"&gt;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"""" withString:@"&quot;"];    
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"'"  withString:@"&#039;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"<br>"];
    return htmlString;
}
    0 讨论(0)
  • 太阳男子
    2020-12-09 11:56

    A little improvement on @Markus' code [Change <br /> to <p></p>, escape multiple spaces]

    - (NSString*)textToHtml:(NSString*)htmlString {
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"&"  withString:@"&amp;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"<"  withString:@"&lt;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@">"  withString:@"&gt;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"""" withString:@"&quot;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"'"  withString:@"&#039;"];

    htmlString = [@"<p>" stringByAppendingString:htmlString];
    htmlString = [htmlString stringByAppendingString:@"</p>"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"</p><p>"];
//  htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"<br />"];
    while ([htmlString rangeOfString:@"  "].length > 0) {
        htmlString = [htmlString stringByReplacingOccurrencesOfString:@"  " withString:@"&nbsp;&nbsp;"];
    }
    return htmlString;
}
    0 讨论(0)
  • 猫巷女王i
    2020-12-09 12:04

    I'm expanding @Markus answer, because my case is i'm sending JSON string, so i need to added some escape, these are my function :

    note : the exception reference from w3schools. https://www.w3schools.com/tags/ref_urlencode.asp

    - (NSString*)convertStringToHTMLEscape:(NSString*)stringContent
{
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"{" withString:@"%7B"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"}" withString:@"%7D"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"[" withString:@"%5B"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"]" withString:@"%5D"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@" " withString:@"%20"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"\"" withString:@"%22"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"\\" withString:@"%5C"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"/" withString:@"%2F"];

    return stringContent;
}
    0 讨论(0)
  • 忘了有多久
    2020-12-09 12:09

    Check out my NSString category for HTML. Here are the methods available:

    - (NSString *)stringByConvertingHTMLToPlainText;
- (NSString *)stringByDecodingHTMLEntities;
- (NSString *)stringByEncodingHTMLEntities;
- (NSString *)stringWithNewLinesAsBRs;
- (NSString *)stringByRemovingNewLinesAndWhitespace;
    0 讨论(0)
  • 难免孤独
    2020-12-09 12:10

    Assuming the character encoding of the email supports Unicode - say UTF-8 - could you not just find and replace the occurrences of <, >, and & with &lt, &gt, and &amp;?

    0 讨论(0)
  • 小鲜肉
    2020-12-09 12:17

    I have been looking for a similar solution and this did the job for me

    NSString* value = @"<&>";
const void* keys[1] = {CFSTR("somekey")};
const void* values[1] = {value};    
CFDictionaryRef dicRef =  CFDictionaryCreate(kCFAllocatorDefault, keys, values, 1, nil, nil);    
CFDataRef dataRef = CFPropertyListCreateData(kCFAllocatorDefault, dicRef, kCFPropertyListXMLFormat_v1_0, 0, NULL);    
NSString *str = [[NSString alloc]initWithData:(NSData *)dataRef encoding:NSUTF8StringEncoding];    
NSRange start =[str rangeOfString:@"string>"];
NSRange end =[str rangeOfString:@"</string"];    
NSString *substr = [str substringWithRange:NSMakeRange(start.location+start.length, end.location-(start.location+start.length))];
[str release];
CFRelease(dicRef);
CFRelease(dataRef);

    //Substring is now html entity encoded

    I am using some of the features that is used when saving plist files. I hope this helps.

    0 讨论(0)
 看不清?
提交回复
热议问题