Programmatically creating stylesheets.
-
Is there a way to programmatically create stylesheet strings? I have some style sheets that need to be generated and some of the attributes come from user input. I'm looking for something that can create the stylesheets while sanitizing/validating the user provided parameters. I could just bash the strings together, but that could result in something that isn't a valid style sheet depending on user input.
-
@gantzm
Hello and welcome. Not so far as I know, no.
All you can really do is escape certain characters to prevent it being "illegal". Probably forbid most punctuation characters from user, if possible! Usually malformed CSS/QSS is simply ignored. Far from perfect, but I believe you have to roll your own sanitizers/verifiers.
-
What sort of input are you expecting from the user and how are you getting it? If you have a template stylesheet and then get user input via comboboxes, checkboxes, and/or colorpicker widgets and then fill values into your base stylesheet it wouldn't be too bad. Any free text entry will put more of a burden on validating the user input, of course.
-
@mchinand The input is coming from a json file that can be hand edited. I'm thinking that maybe for something like a color I'll create a QColor from the text and check if it's valid. Then convert that QColor back to a string to use in the stylesheet.
Most of my work has a focus on security (although this app does not) and just smashing user supplied strings together is usually a bad smell. That's why I was hoping there might have been a sanitizing stylesheet builder or something similar.
-
> I'll create a QColor from the text and check if it's valid

I don't believe that is actually correct. I think the names of colors which can be used in a stylesheet are a separate set from those accepted for a QColor. But I don't have a reference for this. Doubtless will work fine for most like red, may not for the more esoteric names. (Ah, I see QColor says it uses names per https://www.w3.org/TR/SVG11/types.html#ColorKeywords. Maybe those are the same as the names used in QSS/CSS.)

> Most of my work has a focus on security (although this app does not) and just smashing user supplied strings together is usually a bad smell.

Absolutely!
-
@JonB bool QColor::isValidColor(const QString &name) can be used to check if the string color is valid or not. Then create a QColor with the string and call QString QColor::name(QColor::NameFormat format) to get a valid name for stylesheet. It is doable.
-
Hi,
Since the input is a json file, did you consider using jsonschema to validate the input you get?
That way if the json is invalid with regard to the schema it will not get used at all.
-
@JoeCFD ? The question is whether the names recognised by QColor::isValidColor() are the same as those usable as color names in a Qt stylesheet. They may be, or they may not be, do you have a doc reference either way?
-
@JonB https://doc.qt.io/qt-5/qcolor.html#setNamedColor
He has to make his protocol for this with all possible mappings.
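-
The approach the thread converges on (parse each user-supplied value, then write a canonical form into a fixed template rather than concatenating the raw string), as an added example that is not part of any post above and is not Qt API. It uses only the C++ standard library and extends the idea from colors to a pixel length. All function names, the small color-name allowlist and the 64px limit are assumptions; in a Qt build, the `QColor::isValidColor` / `QColor::name` calls mentioned above could take the place of `canonicalColor`.

```cpp
// Added example: standard C++11 only, no Qt. All function names are hypothetical.
#include <cctype>
#include <iostream>
#include <map>
#include <set>
#include <string>

// Accept #RGB / #RRGGBB or an allowlisted keyword; emit a canonical lowercase form.
bool canonicalColor(const std::string& in, std::string& out) {
    static const std::set<std::string> names = {"black", "white", "red", "green", "blue"};
    std::string s;
    for (unsigned char c : in) s += static_cast<char>(std::tolower(c));
    bool ok = names.count(s) || ((s.size() == 4 || s.size() == 7) && s[0] == '#');
    for (std::size_t i = 1; ok && s[0] == '#' && i < s.size(); ++i)
        ok = std::isxdigit(static_cast<unsigned char>(s[i])) != 0;
    if (ok) out = s;
    return ok;
}

// Accept one or two decimal digits, at most 64; re-emit as "<n>px".
bool canonicalPx(const std::string& in, std::string& out) {
    if (in.empty() || in.size() > 2) return false;
    for (unsigned char c : in) if (!std::isdigit(c)) return false;
    int n = std::stoi(in);
    if (n > 64) return false;
    out = std::to_string(n) + "px";
    return true;
}

// Fixed selector, allowlisted properties; keys or values that fail a check are dropped.
std::string buildButtonStyle(const std::map<std::string, std::string>& user) {
    typedef bool (*Check)(const std::string&, std::string&);
    static const std::map<std::string, Check> allowed = {
        {"color", canonicalColor}, {"background-color", canonicalColor},
        {"border-radius", canonicalPx}, {"padding", canonicalPx}};
    std::string out = "QPushButton {";
    for (const auto& kv : user) {
        std::map<std::string, Check>::const_iterator it = allowed.find(kv.first);
        std::string v;
        if (it != allowed.end() && it->second(kv.second, v))
            out += " " + kv.first + ": " + v + ";";
    }
    return out + " }";
}

int main() {  // constructed sample: one value tries to close the rule and open another
    std::cout << buildButtonStyle({{"color", "#FF0000"}, {"padding", "08"},
        {"background-color", "red; } QWidget { color: blue"}}) << "\n";
}
```

Because the output is assembled only from the fixed selector, the allowlisted property names and the re-emitted values, a hand-edited JSON value can at worst cause its own property to be omitted.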