Reputation: 1259
How to Html escape template fields
There's a few posts including this regarding Html escaping but this is not working for me. If I have a simple template such as this:
<html><body>$field$</body></html>
I need only the field to be escaped, not the whole template. I've created a custom render which uses the System.Web.HttpUtility class to perform the escaping of strings:
class HtmlRenderer : IAttributeRenderer
{
public string ToString(object obj, string formatString, System.Globalization.CultureInfo culture)
{
return HttpUtility.HtmlEncode(
new StringRenderer().ToString(obj, formatString, culture));
}
}
And some sample code to render the template with some data:
public static string Render()
{
var group = new TemplateGroup('$', '$');
group.RegisterRenderer(typeof(string), new HtmlRenderer());
var template = new Template(group, "<html><body>$field$</body></html>");
template.Add("field", "Chalk & Cheese");
return template.Render();
}
Returns the following:
<html><body>Chalk & Cheese</body></html>
which escapes everything.
How can I escape only the fields added to the template?
Upvotes: 1
Views: 1092
Answers (2)
Reputation: 1
I suggest another implementation - below. Why? See the default StringRenderer source code at: https://github.com/antlr/antlrcs/blob/master/Antlr4.StringTemplate/StringRenderer.cs
using System;
using System.Globalization;
using System.Security;
using System.Text;
using System.Web;
using Antlr4.StringTemplate;
class Program
{
static void Main(string[] args)
{
TemplateGroup g = new TemplateGroup('$', '$');
g.RegisterRenderer(typeof(object), new MyTemplateRenderer());
string temp = "<html>$var;format=\"html-encode\"$</html>\n$date;format=\"{0:R}\"$";
Template t = new Template(g, temp);
t.Add("var", "<>");
t.Add("date", DateTime.Now);
Console.WriteLine(t.Render());
Console.ReadLine();
}
}
public class MyTemplateRenderer : IAttributeRenderer
{
public virtual string ToString(object o, string formatString, CultureInfo culture)
{
if (formatString == null) return o.ToString();
switch (formatString) {
case "upper":
return o.ToString().ToUpper(culture);
case "lower":
return o.ToString().ToLower(culture);
case "cap":
string s = o.ToString();
return s.Length > 0 ? Char.ToUpper(s[0], culture) + s.Substring(1) : s;
case "url-encode":
return HttpUtility.UrlEncode(o.ToString(), Encoding.UTF8);
case "xml-encode":
return SecurityElement.Escape(o.ToString());
case "html-encode":
return HttpUtility.HtmlEncode(o);
default:
return String.Format(culture, formatString, o);
}
}
}
Upvotes: 0
Reputation: 3908
I am new to stringtemplate but I think I have an idea on how to make it work, I think you are nearly there, whats missing is the format option in your stringtemplate. I think what you need is this:
<html><body>$field;format="htmlTag"$</body></html>
After tagging the string template with the "htmlTag" you can register a renderer, like the one you have done above and check for that tag as follows:
public class HtmlRenderer:IAttributeRenderer
{
public string ToString(object obj,string formatString,CultureInfo culture)
{
if(formatString=="htmlEncode")
{ return HttpUtility.HtmlEncode(obj.ToString()); }
return obj.ToString();
}
}
More information can be found here: http://www.antlr.org/wiki/display/ST/Object+rendering
Note: This is untested and my C# is not very good :) but I hope I have pointed you to the right direction.
Upvotes: 1
Related Questions
- Escape text for HTML
- How to escape an html tag in Razor
- How to escape HTML by default in StringTemplate?
- What is the best way to ensure HTML entities are escaped in StringTemplate
- ASP.NET MVC HTML Escape
- Convert string to escaped html
- Escaping special characters from html
- how to render html tag as string in C#
- Escape html with mvc3 razor
- How to put static html in c#'s string?