Hi, always i use el expressions like this;
<h:outputText value="#{bean.value}" escape="true" />;
and i cannot escape from xml in input fields:
<h:inputText value="#{bean.value}" />
is there a way to totally escape xml in facelets.
for instance a context parameter;
<context-param>
<param-name>facelets.ESCAPE_XML</param-name>
<param-value>false</param-value>
</context-param>
Override the renderer for <h:outputText> and comment out the part where it escapes the text. Then register your renderer in your faces.config.xml.
Of course, this will only work if you use that tag. It won't work if you just output an expression eg #{bean.value}.
Personally, I'd rather stick with having to add the escape attribute.
Have not tried it but you could maybe use a custom converter like the one bellow(Converts \n to
)
import javax.faces.component.UIComponent; import javax.faces.context.FacesContext; import javax.faces.convert.Converter;
import org.apache.commons.lang.StringUtils;
public class BreakLineConverter implements Converter {
/**
* No conversion required
*/
public Object getAsObject(FacesContext context, UIComponent component, String value) {
return value;
}
/**
* Converts All \r \n \r\n into break
*/
public String getAsString(FacesContext context, UIComponent component, Object value) {
if (null==value || StringUtils.isEmpty((String)value))
return "";
String val=value.toString();
//This will take care of Windows and *nix based line separators
return val.replaceAll("\r\n", "<br />").replaceAll("\r", "<br />").replaceAll("\n", "<br />");
}
}
Register converter in faces-config.xml
<converter>
<description>Converts data to be displayed in web format
</description>
<converter-id>BreakLineConverter</converter-id>
<converter-class>comp.web.converter.BreakLineConverter</converter-class>
</converter>
Both the h:outputText and h:inputText by default already escapes XML entities. You can't even turn it off in h:inputText as you could do in h:outputText. Your problem lies somewhere else. Maybe your understanding/definition of "escape XML" is wrong. Also, your <context-param> example suggests that you want to disable XML escaping. You can't do that for h:inputText because your webapp would then be prone for XSS attacks. You don't want to have that.