[Development] QString::toHtmlEscaped()

lars.knoll at nokia.com lars.knoll at nokia.com
Thu Jan 19 10:02:37 CET 2012


On 1/18/12 10:25 PM, "ext Richard Moore" <rich at kde.org> wrote:

>On Wed, Jan 18, 2012 at 8:07 PM, Robin Burchell <robin+qt at viroteck.net>
>wrote:
>> On Wed, Jan 18, 2012 at 9:52 PM,  <kranthi.kumar-kuntala at nokia.com>
>>wrote:
>>> I was looking at toHtmlEscaped() method in QString class which converts
>>> metacharacters <, >, &, and " replaced by HTML entities.
>>> is there any other method which can replace other metacharacters for
>>>example
>>> (: , =  ) etc ?
>
>(:,=) etc. are not HTML meta characters. The set of things that should
>be escaped (and the correct escaping mechanism) vary massively
>depending on the type of content you're generating and the context in
>that content in which your putting the string. For example, if you are
>putting together something like this:
>
>QString scriptBlock = "<script>var a_string=\"%1\";</script>";
>scriptBlock = scriptBlock.arg(mystring);
>
>If you're putting this into QtWebkit, you actually need to prevent the
>value of mystring from containing the literal characters </script> if
>you want it to work.
>
>>
>> My personal feeling is that toHtmlEscaped should do this. It does sort
>> of imply that already, after all. It probably isn't even all that
>> difficult to do. One thing I'm not sure about is what the impact on
>> e.g. QWidget (and other things that use similar tricks) will be: will
>> they display escaped entities correctly? Anyone on list happen to know
>> the answer to that?
>
>I don't think this is really possible to implement. If we want to
>document the limitations of the existing method then I'm all for it,
>but I really don't think this is a solvable issue.
>
>>
>>> Also is there a method which will do the other way round eg:
>>> fromHtmlEscaped() ?
>>
>> I think having one would be handy, myself. +1
>
>That is more practical than escaping, but it's not as easy as you
>might think. There are dozens of named entities defined in HTML (and
>we would also need to handle all the unicode escaping too). It's
>certainly doable, but would need a table of all the entities. I'd feel
>pretty positive about a change to add this.

Is there really any big value in having this? It feels wrong to have
special handling for HTML in here. While it's one of the most prominent
formats for rich text, there are so many other formats that would require
different escaping and we certainly don't want to support them all. I can
live with toHTMLEscaped(), since it cleans up a really messy part of the
Qt 4 API, but I'm not sure I want to extend this a whole lot more.

Cheers,
Lars




More information about the Development mailing list