tags:

views:

1998

answers:

5
+1  Q: 

HTML entity encoding (convert '<' to '&lt;') on iPhone in objective-c

I'm developing an application for the iPhone that has inApp-mail sending capabilities. So far so good, but now I want to avoid html-injections as some parts of the mail are user-generated texts.

Basically I search for something like this:

// inits
NSString *sourceString = [NSString stringWithString:@"Hello world! Grüße dich Welt <-- This is in German."];

//                                          -----   THAT'S WHAT I'M LOOKING FOR
// pseudo-code                              |
//                                          V
NSString *htmlEncodedString = [sourceString htmlEncode];

// log
NSLog(@"source string: %@", sourceString);
NSLog(@"encoded string: %@", htmlEncodedString);

Expected output
source string: Hello world! Grüße dich Welt <-- This is in German.
encoded string: Hello world! Gr&#252;&#223;e dich Welt &lt;-- This is in German.

I already googled and looked through several of SO's questions and answers, but all of them seem to be related to URL-encoding and that's not what I really need (I tried stringByAddingPercentEscapesUsingEncoding with no luck - it creates %C3%BC out of an 'ü' that should be an ü).

A code sample would be really great (correcting mine?)...

--
Thanks in advance,
Markus

A: 

Assuming the character encoding of the email supports Unicode - say UTF-8 - could you not just find and replace the occurrences of <, >, and & with &lt, &gt, and &amp;?

teabot  2009-11-03 12:02:18
Thanks for your answer. Basically you are right, but as there is a function to encode URLs (stringByAddingPercentEscapesUsingEncoding) I wondered if there is no similar one for HTML character encoding. I'd find it strange if I was the first one with this kind of _problem_ and even stranger if there wasn't a "right" way of doing this that is other than reinventing the wheel.
Markus  2009-11-03 12:13:22
No, there's no such built-in function. You could use NSScanner to replace as suggested by teabot; here's an approach that completely strips HTML tags, you could just modify it: http://sugarmaplesoftware.com/25/strip-html-tags/
Pascal  2009-11-03 13:20:31
Thanks a lot for the answer and the link!
Markus  2009-11-04 10:06:14
+1  A: 

See this dupe: http://stackoverflow.com/questions/659602/objective-c-html-escape-unescape

Roger Nolan  2009-11-03 13:15:31
Thanks! (Edit: removed the wrong comment - sorry)
Markus  2009-12-10 11:09:06
+1  A: 

Thanks @all. I ended up using my own implementation:

//
// _________________________________________
//
// textToHtml
// _________________________________________
//
- (NSString*)textToHtml:(NSString*)htmlString {
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"&"  withString:@"&amp;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"<"  withString:@"&lt;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@">"  withString:@"&gt;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"""" withString:@"&quot;"];    
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"'"  withString:@"&#039;"];
    htmlString = [htmlString stringByReplacingOccurrencesOfString:@"\n" withString:@"<br>"];
    return htmlString;
}
Markus  2009-11-04 11:21:40
just a side note: since you are also replacing \n with <br> that you should name your function differently (textToHtml for example). The name escapeHTML will indicate to other developers that you are just doing escaping (which you are not) and this will eventually cause bugs if someone tries to re-use this function...
Nir Levy  2009-12-10 11:47:49
Good point. Just updated the code snippet accordingly. Thanks!
Markus  2010-01-26 11:00:05
Aren't you leaking a bunch of NSStrings there?
Rhythmic Fistman  2010-01-31 17:59:09
Wait, no, they're all autoreleased: http://stackoverflow.com/questions/531550/string-manipulation-without-memory-leaks
Rhythmic Fistman  2010-01-31 18:49:39
A: 

Markus,

In your implementation you should escape the & first.

Tome  2009-12-10 03:33:28
Thanks! Just fixed it :)
Markus  2009-12-10 11:10:02
+1  A: 

Check out my NSString category for HTML. Here are the methods available:

- (NSString *)stringByConvertingHTMLToPlainText;
- (NSString *)stringByDecodingHTMLEntities;
- (NSString *)stringByEncodingHTMLEntities;
- (NSString *)stringWithNewLinesAsBRs;
- (NSString *)stringByRemovingNewLinesAndWhitespace;
Michael Waterfall  2010-05-16 11:03:19

related questions

How do we get arround Apple's decission to skip sms templates for iPhone?
iPhone App Crashing - Error Question
Can I write native iPhone apps using Python
Does the Iphone 1/2 have a compass inside?
How do you beta test an iphone app?
Is it just the iPhone simulator that is restricted to intel only Mac's?
iPhone App Minus App Store?
Deleting messages from Exchange IMAP mailbox on iPhone
Is there a multiplatform framework for developing iPhone / Android applications?
How can I launch the Google Maps iPhone application from within my own native application?
Tips for a successful AppStore submission?
iPhone app that access the Core Location framework over web
Virtual Mac?
What's a good machine for iPhone development?
How can I develop for iPhone using a Windows development machine?
Recommended iPhone Development Resources
Best Wiki for Mobile Users
How to programmatically send SMS on the iPhone?
iPhone - Exchange Calendars in Public Folders
iPhone web applications, templates, frameworks?
Understanding reference counting with Cocoa / Objective C
How-to articles for iPhone development, Objective-C
What are the correct pixel dimensions for an apple-touch-icon?
How do I give my web sites an icon for iPhone?
iPhone app in landscape mode