问题
I'm developing an application for the iPhone that has inApp-mail sending capabilities. So far so good, but now I want to avoid html-injections as some parts of the mail are user-generated texts.
Basically I search for something like this:
// inits
NSString *sourceString = [NSString stringWithString:@"Hello world! Grüße dich Welt <-- This is in German."];
// ----- THAT'S WHAT I'M LOOKING FOR
// pseudo-code |
// V
NSString *htmlEncodedString = [sourceString htmlEncode];
// log
NSLog(@"source string: %@", sourceString);
NSLog(@"encoded string: %@", htmlEncodedString);
Expected output source string: Hello world! Grüße dich Welt <-- This is in German.
encoded string: Hello world! Grüße dich Welt <-- This is in German.
I already googled and looked through several of SO's questions and answers, but all of them seem to be related to URL-encoding and that's not what I really need (I tried stringByAddingPercentEscapesUsingEncoding
with no luck - it creates %C3%BC out of an 'ü' that should be an ü).
A code sample would be really great (correcting mine?)...
--
Thanks in advance,
Markus
回答1:
Check out my NSString category for HTML. Here are the methods available:
- (NSString *)stringByConvertingHTMLToPlainText;
- (NSString *)stringByDecodingHTMLEntities;
- (NSString *)stringByEncodingHTMLEntities;
- (NSString *)stringWithNewLinesAsBRs;
- (NSString *)stringByRemovingNewLinesAndWhitespace;
回答2:
Thanks @all. I ended up using my own implementation:
//
// _________________________________________
//
// textToHtml
// _________________________________________
//
- (NSString*)textToHtml:(NSString*)htmlString {
htmlString = [htmlString stringByReplacingOccurrencesOfString:@"&" withString:@"&"];
htmlString = [htmlString stringByReplacingOccurrencesOfString:@"<" withString:@"<"];
htmlString = [htmlString stringByReplacingOccurrencesOfString:@">" withString:@">"];
htmlString = [htmlString stringByReplacingOccurrencesOfString:@"""" withString:@"""];
htmlString = [htmlString stringByReplacingOccurrencesOfString:@"'" withString:@"'"];
htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"<br>"];
return htmlString;
}
回答3:
A little improvement on @Markus' code [Change <br /> to <p></p>, escape multiple spaces]
- (NSString*)textToHtml:(NSString*)htmlString {
htmlString = [htmlString stringByReplacingOccurrencesOfString:@"&" withString:@"&"];
htmlString = [htmlString stringByReplacingOccurrencesOfString:@"<" withString:@"<"];
htmlString = [htmlString stringByReplacingOccurrencesOfString:@">" withString:@">"];
htmlString = [htmlString stringByReplacingOccurrencesOfString:@"""" withString:@"""];
htmlString = [htmlString stringByReplacingOccurrencesOfString:@"'" withString:@"'"];
htmlString = [@"<p>" stringByAppendingString:htmlString];
htmlString = [htmlString stringByAppendingString:@"</p>"];
htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"</p><p>"];
// htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"<br />"];
while ([htmlString rangeOfString:@" "].length > 0) {
htmlString = [htmlString stringByReplacingOccurrencesOfString:@" " withString:@" "];
}
return htmlString;
}
回答4:
I have been looking for a similar solution and this did the job for me
NSString* value = @"<&>";
const void* keys[1] = {CFSTR("somekey")};
const void* values[1] = {value};
CFDictionaryRef dicRef = CFDictionaryCreate(kCFAllocatorDefault, keys, values, 1, nil, nil);
CFDataRef dataRef = CFPropertyListCreateData(kCFAllocatorDefault, dicRef, kCFPropertyListXMLFormat_v1_0, 0, NULL);
NSString *str = [[NSString alloc]initWithData:(NSData *)dataRef encoding:NSUTF8StringEncoding];
NSRange start =[str rangeOfString:@"string>"];
NSRange end =[str rangeOfString:@"</string"];
NSString *substr = [str substringWithRange:NSMakeRange(start.location+start.length, end.location-(start.location+start.length))];
[str release];
CFRelease(dicRef);
CFRelease(dataRef);
//Substring is now html entity encoded
I am using some of the features that is used when saving plist files. I hope this helps.
回答5:
I'm expanding @Markus answer, because my case is i'm sending JSON string, so i need to added some escape, these are my function :
note : the exception reference from w3schools. https://www.w3schools.com/tags/ref_urlencode.asp
- (NSString*)convertStringToHTMLEscape:(NSString*)stringContent
{
stringContent = [stringContent stringByReplacingOccurrencesOfString:@"{" withString:@"%7B"];
stringContent = [stringContent stringByReplacingOccurrencesOfString:@"}" withString:@"%7D"];
stringContent = [stringContent stringByReplacingOccurrencesOfString:@"[" withString:@"%5B"];
stringContent = [stringContent stringByReplacingOccurrencesOfString:@"]" withString:@"%5D"];
stringContent = [stringContent stringByReplacingOccurrencesOfString:@" " withString:@"%20"];
stringContent = [stringContent stringByReplacingOccurrencesOfString:@"\"" withString:@"%22"];
stringContent = [stringContent stringByReplacingOccurrencesOfString:@"\\" withString:@"%5C"];
stringContent = [stringContent stringByReplacingOccurrencesOfString:@"/" withString:@"%2F"];
return stringContent;
}
回答6:
Assuming the character encoding of the email supports Unicode - say UTF-8 - could you not just find and replace the occurrences of <
, >
, and &
with <
, >
, and &
?
来源:https://stackoverflow.com/questions/1666717/html-entity-encoding-convert-to-lt-on-iphone-in-objective-c