JSF by default escapes HTML from backing bean properties in order to prevent XSS attack holes. To disable this, just set the escape
attribute of the <h:outputText>
to false
.
<h:outputText ... escape="false" />
This way the HTML won’t be escaped and will thus be interpreted by the webbrowser.
Unrelated to the concrete problem, beware of XSS attacks as you’re here basically redisplaying user-controlled input unescaped. You might want to sanitize it beforehand.