abc. When it reaches ${someManagedBean.someValue}in my xhtm...">
Geek Answers Handbook

Jsf please don't avoid my html

From dbms I get stuff like <font color="red"> abc</font>. When it reaches ${someManagedBean.someValue}in my xhtml file, the output is sanitized. This is great for 99.999% of all cases.

Question: Is there a way to turn off automatic shielding?

Bonus question: can I enable html and disable javascript?

+5
source share
3 answers

https://docs.oracle.com/javaee/7/javaserver-faces-2-2/vdldocs-facelets/h/outputText.html

escape=false

Not sure about preventing JS just though. You may need to parse the HTML code yourself to get rid of the <script>content as well.

- (http://www.jsftoolbox.com/documentation/help/12-TagReference/html/h_outputText.html), . Oracle.

+5
<h:outputText value="#{someManagedBean.someValue}" escape="false" />
+13

outputFormat can help you. Check out http://www.mkyong.com/jsf2/jsf-2-outputformat-example/

0
source

More articles:


All Articles