HTML中的HTML实体编码（将'<'转换为'<'）在objective-c中

Question

I'm developing an application for the iPhone that has inApp-mail sending capabilities. So far so good, but now I want to avoid html-injections as some parts of the mail are user-generated texts.

Basically I search for something like this:

// inits
NSString *sourceString = [NSString stringWithString:@"Hello world! Grüße dich Welt <-- This is in German."];

//                                          -----   THAT'S WHAT I'M LOOKING FOR
// pseudo-code                              |
//                                          V
NSString *htmlEncodedString = [sourceString htmlEncode];

// log
NSLog(@"source string: %@", sourceString);
NSLog(@"encoded string: %@", htmlEncodedString);

Expected output
source string: Hello world! Grüße dich Welt <-- This is in German.
encoded string: Hello world! Gr&#252;&#223;e dich Welt &lt;-- This is in German.

I already googled and looked through several of SO's questions and answers, but all of them seem to be related to URL-encoding and that's not what I really need (I tried stringByAddingPercentEscapesUsingEncoding with no luck - it creates %C3%BC out of an 'ü' that should be an ü).

A code sample would be really great (correcting mine?)...

--
Thanks in advance,
Markus

Answer 1

Check out my NSString category for HTML . Here are the methods available:

- (NSString *)stringByConvertingHTMLToPlainText;
- (NSString *)stringByDecodingHTMLEntities;
- (NSString *)stringByEncodingHTMLEntities;
- (NSString *)stringWithNewLinesAsBRs;
- (NSString *)stringByRemovingNewLinesAndWhitespace;

Answer 2

Thanks @all. I ended up using my own implementation:

//
// _________________________________________
//
// textToHtml
// _________________________________________
//
- (NSString*)textToHtml:(NSString*)htmlString {
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"&"  withString:@"&"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"<"  withString:@"&lt;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@">"  withString:@"&gt;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"""" withString:@"&quot;"];    
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"'"  withString:@"&#039;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"<br>"];
    return htmlString;
}

Answer 3

A little improvement on @Markus' code [Change <br /> to <p></p>, escape multiple spaces]

- (NSString*)textToHtml:(NSString*)htmlString {
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"&"  withString:@"&"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"<"  withString:@"&lt;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@">"  withString:@"&gt;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"""" withString:@"&quot;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"'"  withString:@"&#039;"];

    htmlString = [@"<p>" stringByAppendingString:htmlString];
    htmlString = [htmlString stringByAppendingString:@"</p>"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"</p><p>"];
//  htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"<br />"];
    while ([htmlString rangeOfString:@"  "].length > 0) {
        htmlString = [htmlString stringByReplacingOccurrencesOfString:@"  " withString:@"&nbsp;&nbsp;"];
    }
    return htmlString;
}

Answer 4

I'm expanding @Markus answer, because my case is i'm sending JSON string, so i need to added some escape, these are my function :

note : the exception reference from w3schools. https://www.w3schools.com/tags/ref_urlencode.asp

- (NSString*)convertStringToHTMLEscape:(NSString*)stringContent
{
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"{" withString:@"%7B"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"}" withString:@"%7D"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"[" withString:@"%5B"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"]" withString:@"%5D"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@" " withString:@"%20"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"\"" withString:@"%22"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"\\" withString:@"%5C"];
    stringContent = [stringContent stringByReplacingOccurrencesOfString:@"/" withString:@"%2F"];

    return stringContent;
}

Answer 5

I have been looking for a similar solution and this did the job for me

NSString* value = @"<&>";
const void* keys[1] = {CFSTR("somekey")};
const void* values[1] = {value};    
CFDictionaryRef dicRef =  CFDictionaryCreate(kCFAllocatorDefault, keys, values, 1, nil, nil);    
CFDataRef dataRef = CFPropertyListCreateData(kCFAllocatorDefault, dicRef, kCFPropertyListXMLFormat_v1_0, 0, NULL);    
NSString *str = [[NSString alloc]initWithData:(NSData *)dataRef encoding:NSUTF8StringEncoding];    
NSRange start =[str rangeOfString:@"string>"];
NSRange end =[str rangeOfString:@"</string"];    
NSString *substr = [str substringWithRange:NSMakeRange(start.location+start.length, end.location-(start.location+start.length))];
[str release];
CFRelease(dicRef);
CFRelease(dataRef);    

//Substring is now html entity encoded

I am using some of the features that is used when saving plist files. I hope this helps.

Answer 6

Assuming the character encoding of the email supports Unicode - say UTF-8 - could you not just find and replace the occurrences of < , > , and & with &lt , &gt , and & ?