当前位置: 文江博客 话题详情

iPhone 上的 Objective-C 中的 HTML 实体编码(将 '<' 转换为 '<')

发布于 2024-08-10 00:09:45 字数 985 浏览 1 评论 0 原文

我正在为 iPhone 开发一个具有应用程序内邮件发送功能的应用程序。到目前为止一切顺利,但现在我想避免 html 注入,因为邮件的某些部分是用户生成的文本。

基本上我搜索类似这样的内容:

// inits
NSString *sourceString = [NSString stringWithString:@"Hello world! Grüße dich Welt <-- This is in German."];

//                                          -----   THAT'S WHAT I'M LOOKING FOR
// pseudo-code                              |
//                                          V
NSString *htmlEncodedString = [sourceString htmlEncode];

// log
NSLog(@"source string: %@", sourceString);
NSLog(@"encoded string: %@", htmlEncodedString);

预期输出
源字符串:Hello world! Grüße dich Welt <-- 这是德语。
编码字符串:Hello world! Grü&#223;e dich Welt <-- 这是德语。

我已经用谷歌搜索并浏览了一些SO的问题和答案,但所有这些似乎都与URL编码有关,而这不是我真正需要的(我尝试了stringByAddingPercentEscapesUsingEncoding不幸的是 - 它从应该是 ü 的 'ü' 中创建了 %C3%BC 。

代码示例真的很棒(纠正我的?)...

--
预先感谢,
马库斯

原文

I'm developing an application for the iPhone that has inApp-mail sending capabilities. So far so good, but now I want to avoid html-injections as some parts of the mail are user-generated texts.

Basically I search for something like this:

// inits
NSString *sourceString = [NSString stringWithString:@"Hello world! Grüße dich Welt <-- This is in German."];

//                                          -----   THAT'S WHAT I'M LOOKING FOR
// pseudo-code                              |
//                                          V
NSString *htmlEncodedString = [sourceString htmlEncode];

// log
NSLog(@"source string: %@", sourceString);
NSLog(@"encoded string: %@", htmlEncodedString);

Expected output
source string: Hello world! Grüße dich Welt <-- This is in German.
encoded string: Hello world! Grüße dich Welt <-- This is in German.

I already googled and looked through several of SO's questions and answers, but all of them seem to be related to URL-encoding and that's not what I really need (I tried stringByAddingPercentEscapesUsingEncoding with no luck - it creates %C3%BC out of an 'ü' that should be an ü).

A code sample would be really great (correcting mine?)...

--
Thanks in advance,
Markus

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

落花随流水 2024-08-17 00:09:45

查看我的 HTML 的 NSString 类别。以下是可用的方法:

- (NSString *)stringByConvertingHTMLToPlainText;
- (NSString *)stringByDecodingHTMLEntities;
- (NSString *)stringByEncodingHTMLEntities;
- (NSString *)stringWithNewLinesAsBRs;
- (NSString *)stringByRemovingNewLinesAndWhitespace;

Check out my NSString category for HTML. Here are the methods available:

- (NSString *)stringByConvertingHTMLToPlainText;
- (NSString *)stringByDecodingHTMLEntities;
- (NSString *)stringByEncodingHTMLEntities;
- (NSString *)stringWithNewLinesAsBRs;
- (NSString *)stringByRemovingNewLinesAndWhitespace;
回复 原文
娇纵 2024-08-17 00:09:45

谢谢@all。我最终使用了自己的实现:

//
// _________________________________________
//
// textToHtml
// _________________________________________
//
- (NSString*)textToHtml:(NSString*)htmlString {
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"&"  withString:@"&"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"<"  withString:@"<"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@">"  withString:@">"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"""" withString:@"""];    
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"'"  withString:@"'"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"<br>"];
    return htmlString;
}

Thanks @all. I ended up using my own implementation:

//
// _________________________________________
//
// textToHtml
// _________________________________________
//
- (NSString*)textToHtml:(NSString*)htmlString {
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"&"  withString:@"&"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"<"  withString:@"<"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@">"  withString:@">"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"""" withString:@"""];    
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"'"  withString:@"'"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"<br>"];
    return htmlString;
}
回复 原文
⒈起吃苦の倖褔 2024-08-17 00:09:45

对 @Markus 代码的一点改进 [Change
>到

,转义多个空格]

- (NSString*)textToHtml:(NSString*)htmlString {
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"&"  withString:@"&"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"<"  withString:@"<"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@">"  withString:@">"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"""" withString:@"""];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"'"  withString:@"'"];

    htmlString = [@"<p>" stringByAppendingString:htmlString];
    htmlString = [htmlString stringByAppendingString:@"</p>"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"</p><p>"];
//  htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"<br />"];
    while ([htmlString rangeOfString:@"  "].length > 0) {
        htmlString = [htmlString stringByReplacingOccurrencesOfString:@"  " withString:@"  "];
    }
    return htmlString;
}

A little improvement on @Markus' code [Change <br /> to <p></p>, escape multiple spaces]

- (NSString*)textToHtml:(NSString*)htmlString {
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"&"  withString:@"&"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"<"  withString:@"<"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@">"  withString:@">"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"""" withString:@"""];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"'"  withString:@"'"];

    htmlString = [@"<p>" stringByAppendingString:htmlString];
    htmlString = [htmlString stringByAppendingString:@"</p>"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"</p><p>"];
//  htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"<br />"];
    while ([htmlString rangeOfString:@"  "].length > 0) {
        htmlString = [htmlString stringByReplacingOccurrencesOfString:@"  " withString:@"  "];
    }
    return htmlString;
}
回复 原文
以歌曲疗慰 2024-08-17 00:09:45

我一直在寻找类似的解决方案,这对我来说很有效

NSString* value = @"<&>";
const void* keys[1] = {CFSTR("somekey")};
const void* values[1] = {value};    
CFDictionaryRef dicRef =  CFDictionaryCreate(kCFAllocatorDefault, keys, values, 1, nil, nil);    
CFDataRef dataRef = CFPropertyListCreateData(kCFAllocatorDefault, dicRef, kCFPropertyListXMLFormat_v1_0, 0, NULL);    
NSString *str = [[NSString alloc]initWithData:(NSData *)dataRef encoding:NSUTF8StringEncoding];    
NSRange start =[str rangeOfString:@"string>"];
NSRange end =[str rangeOfString:@"</string"];    
NSString *substr = [str substringWithRange:NSMakeRange(start.location+start.length, end.location-(start.location+start.length))];
[str release];
CFRelease(dicRef);
CFRelease(dataRef);

//Substring 现在是 html 实体编码

我正在使用保存 plist 文件时使用的一些功能。我希望这有帮助。

I have been looking for a similar solution and this did the job for me

NSString* value = @"<&>";
const void* keys[1] = {CFSTR("somekey")};
const void* values[1] = {value};    
CFDictionaryRef dicRef =  CFDictionaryCreate(kCFAllocatorDefault, keys, values, 1, nil, nil);    
CFDataRef dataRef = CFPropertyListCreateData(kCFAllocatorDefault, dicRef, kCFPropertyListXMLFormat_v1_0, 0, NULL);    
NSString *str = [[NSString alloc]initWithData:(NSData *)dataRef encoding:NSUTF8StringEncoding];    
NSRange start =[str rangeOfString:@"string>"];
NSRange end =[str rangeOfString:@"</string"];    
NSString *substr = [str substringWithRange:NSMakeRange(start.location+start.length, end.location-(start.location+start.length))];
[str release];
CFRelease(dicRef);
CFRelease(dataRef);

//Substring is now html entity encoded

I am using some of the features that is used when saving plist files. I hope this helps.

回复 原文
萌辣 2024-08-17 00:09:45

我正在扩展@Markus 答案,因为我的情况是我正在发送 JSON 字符串,所以我需要添加一些转义,这些是我的功能:

注意:
来自 w3schools 的异常参考。 https://www.w3schools.com/tags/ref_urlencode.asp

- (NSString*)convertStringToHTMLEscape:(NSString*)stringContent
{
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"{" withString:@"%7B"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"}" withString:@"%7D"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"[" withString:@"%5B"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"]" withString:@"%5D"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@" " withString:@"%20"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"\"" withString:@"%22"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"\\" withString:@"%5C"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"/" withString:@"%2F"];

    return stringContent;
}

I'm expanding @Markus answer, because my case is i'm sending JSON string, so i need to added some escape, these are my function :

note :
the exception reference from w3schools. https://www.w3schools.com/tags/ref_urlencode.asp

- (NSString*)convertStringToHTMLEscape:(NSString*)stringContent
{
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"{" withString:@"%7B"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"}" withString:@"%7D"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"[" withString:@"%5B"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"]" withString:@"%5D"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@" " withString:@"%20"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"\"" withString:@"%22"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"\\" withString:@"%5C"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"/" withString:@"%2F"];

    return stringContent;
}
回复 原文
踏月而来 2024-08-17 00:09:45

假设电子邮件的字符编码支持 Unicode(例如 UTF-8),您是否可以仅查找并替换出现的 <>& ;<>&

Assuming the character encoding of the email supports Unicode - say UTF-8 - could you not just find and replace the occurrences of <, >, and & with <, >, and &?

回复 原文
~没有更多了~

关于作者

终难遇

暂无简介

0 文章
0 评论
21 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

lioqio

文章 0 评论 0

Single

文章 0 评论 0

禾厶谷欠

文章 0 评论 0

alipaysp_2zg8elfGgC

文章 0 评论 0

qq_N6d4X7

文章 0 评论 0

放低过去

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文