Component to inject and interpret String with HTML code into JSF page

by

JSF by default escapes HTML from backing bean properties in order to prevent XSS attack holes. To disable this, just set the escape attribute of the <h:outputText> to false.

<h:outputText ... escape="false" />

This way the HTML won’t be escaped and will thus be interpreted by the webbrowser.

Unrelated to the concrete problem, beware of XSS attacks as you’re here basically redisplaying user-controlled input unescaped. You might want to sanitize it beforehand.

More Related Contents:

  1. Is it possible to use JSF+Facelets with HTML 4/5?
  2. Is it possible to update non-JSF components (plain HTML) with JSF ajax?
  3. Adding custom attribute (HTML5) support to JSF 2.0 UIInput component
  4. How do I add HTML code to JSF FacesMessage
  5. How to find out client ID of component for ajax update/render? Cannot find component with expression “foo” referenced from “bar”
  6. How to use PrimeFaces p:fileUpload? Listener method is never invoked or UploadedFile is null / throws an error / not usable
  7. How to select JSF components using jQuery?
  8. Custom HTML tag attributes are not rendered by JSF
  9. How to let validation depend on the pressed button?
  10. Can I update a JSF component from a JSF backing bean method?
  11. printing “” using html
  12. JavaServer Faces 2.2 and HTML5 support, why is XHTML still being used
  13. Execution order of events when pressing PrimeFaces p:commandButton
  14. Why shouldn’t `'` be used to escape single quotes?
  15. How to conditionally render plain HTML elements like s?
  16. PrimeFaces validator not fired
  17. JSF + PrimeFaces: `update` attribute does not update component
  18. PrimeFaces commandButton doesn’t navigate or update
  19. Conditional rendering of non-JSF components (plain vanilla HTML and template text)
  20. How to use EL in PrimeFaces oncomplete attribute which is updated during action method
  21. Can you update an h:outputLabel from a p:ajax listener?
  22. UISelectMany on a List causes java.lang.ClassCastException: java.lang.String cannot be cast to T
  23. How to use p:graphicImage with StreamedContent within p:dataTable? [duplicate]
  24. c:forEach inside primefaces(e.g. p:panelgrid) inside ui:repeat
  25. List of events
  26. Primefaces valueChangeListener or
  27. Keep open when validation has failed
  28. JSF vs HTML(JSP) for enterprise portals UI layer. Which one to Choose? and WHY? [closed]
  29. Ajax update and submission using h:commandButton
  30. JSF resource versioning

Leave a Comment