我无法确定所有这些标签是否可以安全我创建了这个简单的函数,除了用户指定的安全标记:QString SafeHtml(QString text)
{
QString result;
QStringList AllowedTags;
AllowedTags <
//we split the text by starting element
QStringList Part = text.split('
bool FirstPart = true;
foreach (QString part, Part)
{
//split removes the symbol we use to split by so we need to return it back there
if (FirstPart)
FirstPart = false;
else
part ="
//if there is no closing we don't want to render this tag
if (!part.contains(">"))
{
result += part.toHtmlEscaped();
continue;
}
//now we need to find what tag it is
QString tag = part.mid(1, part.indexOf(">") - 1);
if (tag.startsWith("/"))
tag = tag.mid(1);
if (tag.contains(""))
{
//this is some composite tag
tag = tag.mid(0, tag.indexOf(""));
}
if (!AllowedTags.contains(tag))
part = part.toHtmlEscaped();
result += part;
}
return result;
}
它不处理未封闭的html标签,所以如果有人添加了 ,它可能会把所有剩余的文本变成粗体等。