[Development] QString::toHtmlEscaped()

Richard Moore rich at kde.org
Wed Jan 18 22:25:53 CET 2012


On Wed, Jan 18, 2012 at 8:07 PM, Robin Burchell <robin+qt at viroteck.net> wrote:
> On Wed, Jan 18, 2012 at 9:52 PM,  <kranthi.kumar-kuntala at nokia.com> wrote:
>> I was looking at the toHtmlEscaped() method in the QString class, which
>> replaces the metacharacters <, >, &, and " with HTML entities.
>> Is there any other method which can replace other metacharacters, for example
>> (: , =  ) etc.?

(:,=) etc. are not HTML meta characters. The set of things that should
be escaped (and the correct escaping mechanism) vary massively
depending on the type of content you're generating and the context in
that content in which you're putting the string. For example, if you are
putting together something like this:

QString scriptBlock = "<script>var a_string=\"%1\";</script>";
scriptBlock = scriptBlock.arg(mystring);

If you're putting this into QtWebkit, you actually need to prevent the
value of mystring from containing the literal characters </script> if
you want it to work.

>
> My personal feeling is that toHtmlEscaped should do this. It does sort
> of imply that already, after all. It probably isn't even all that
> difficult to do. One thing I'm not sure about is what the impact on
> e.g. QWidget (and other things that use similar tricks) will be: will
> they display escaped entities correctly? Anyone on list happen to know
> the answer to that?

I don't think this is really possible to implement. If we want to
document the limitations of the existing method then I'm all for it,
but I really don't think this is a solvable issue.

>
>> Also is there a method which will do the other way round eg:
>> fromHtmlEscaped() ?
>
> I think having one would be handy, myself. +1

That is more practical than escaping, but it's not as easy as you
might think. There are dozens of named entities defined in HTML (and
we would also need to handle all the Unicode escaping too). It's
certainly doable, but would need a table of all the entities. I'd feel
pretty positive about a change to add this.

Cheers

Rich.
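
Added example, not part of the original message and not Qt code: the scriptBlock case above, built once with HTML-entity escaping and once with escaping for a double-quoted JavaScript string inside an inline <script> block. It uses std::string so it compiles without Qt; escapeHtml, escapeJsStringInScript and scriptBlock are hypothetical names, and the sample input is constructed.

```cpp
#include <cstdio>
#include <string>

// HTML text/attribute context: the four characters the thread says
// toHtmlEscaped() replaces. Backslash is (correctly, for HTML) untouched.
std::string escapeHtml(const std::string &in) {
    std::string out;
    for (char c : in) {
        switch (c) {
        case '<': out += "&lt;"; break;
        case '>': out += "&gt;"; break;
        case '&': out += "&amp;"; break;
        case '"': out += "&quot;"; break;
        default:  out += c;
        }
    }
    return out;
}

// Double-quoted JS string literal inside <script>. '<' becomes \x3C so the
// HTML parser never sees "</script>". Not handled here: U+2028/U+2029.
std::string escapeJsStringInScript(const std::string &in) {
    std::string out;
    for (char c : in) {
        switch (c) {
        case '\\': out += "\\\\"; break;
        case '"':  out += "\\\""; break;
        case '\n': out += "\\n"; break;
        case '\r': out += "\\r"; break;
        case '<':  out += "\\x3C"; break;
        default:   out += c;
        }
    }
    return out;
}

// Same template as the scriptBlock string in the message above.
std::string scriptBlock(const std::string &escaped) {
    return "<script>var a_string=\"" + escaped + "\";</script>";
}

int main() {
    const std::string sample = "a</script>b \"q\" c\\";  // constructed input
    std::printf("%s\n%s\n", scriptBlock(escapeHtml(sample)).c_str(),
                scriptBlock(escapeJsStringInScript(sample)).c_str());
    return 0;
}
```

With HTML escaping the script receives literal `&lt;` text (entities are not decoded inside <script>) and the unescaped trailing backslash swallows the closing quote; with the context-specific escaping the only `</script>` in the output is the real closing tag.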


