2 Replies Latest reply on Nov 30, 2011 10:10 PM by Mr.FishyFish

    How to escape quotes in image.metadata.title

    Mr.FishyFish

      Been working on a web template that uses image.metadata.title and image.metadata.description but when my user puts in a quote " or an apostrophe I get errors in handling the html or xml page I am generating. What I would love to have is something like php's htmlspecialchars. I have tried the following:

            string.format('%q',image.metadata.title)  which escapes the " with \" and the apostrophe with \' but in my xml I will get

            <image title="She said \"this isn\'t working \"">

      Unfortunately the \" doesn't escape the quote in xml I would like to have

           <image title ="She said &quot;this isn&#039;t working &quot;">

      Similarly if my user wants to put thml into the image title or caption I get the same problem.

        • 1. Re: How to escape quotes in image.metadata.title
          johnrellis Most Valuable Participant

          It would be nice to have an SDK function for HTML quoting.  But in the meantime, I think you'll have to use string.gsub() to do your own replacements, e.g.

           

          string.gsub (s, "\"", "&quot;")

           

          You can pass a table for the third parameter, letting you do all the necessary substitutions with on call to string.gsub().

          • 2. Re: How to escape quotes in image.metadata.title
            Mr.FishyFish Level 1

            Thanks John, didn't know about the table passing trick but wrote this which works (not very elegant), but hopefully help someone if they run into this problem

             

            -- table of entries for encoding
            local entities =
            {
            --          ["&"] = "&amp;",
                      ["<"] = "&lt;",
                      [">"] = "&gt;",
                      ["\'"] = "&#039;",
                      ["\""] = "&quot;",
              
            }
            
            
            function HTMLEncode(stringin)
                      if stringin == nil or type(stringin) ~= "string" then
                                return ''
                      end
                 
                      local encodedString = stringin
              
                      -- Decode first just incase there are any special codes
                      encodedString = HTMLDecode(encodedString)
              
                      -- Now encode the & before the rest
                      encodedString = string.gsub(encodedString,"&", "&amp;")
              
                      for i,v in pairs(entities) do 
                          encodedString = string.gsub(encodedString,i, v)
                      end
            
            
                      -- Encode known entities
                      return encodedString
            end
            
            
            
            
            function HTMLDecode(stringin)
                      if stringin == nil or type(stringin) ~= "string" then
                                return ''
                      end
              
            
            
                      local encodedString = stringin
            
            
                      for i,v in pairs(entities) do 
                          encodedString = string.gsub(encodedString,v, i)
                      end
              
                      -- finally do the &
                      encodedString = string.gsub(encodedString,"&amp;", "&")
              
                      return encodedString
            end
            
            
            -- Testing  
            -- Creat a string with problem characters and an &amp; incase some encoding is present
            local str="Hello &amp; Help's \"me\" <b>"
            
            
            -- Print out the string
            print ("Initial string is: "..str)
            
            
            print ("Encoded string is: "..HTMLEncode(str))
            
            
            print ("Decoded again    : "..HTMLDecode(HTMLEncode(str)))