Hello, I used the rich: editor component to enter rich content and I save it in a database. but when I tried to display it in outputText field , rich tags are not interpreted and are displayed as simple text. So my question is: how to make jsf component (or Richfaces) interpret this rich content and display it properly??
+4
A:
The h:outputText indeed by default escapes predefined XML/HTML entities to avoid XSS attacks. If you want to display user-controlled input unescaped, then just set the escape attribute to false.
<h:outputText value="#{bean.text}" escape="false" />
However, keep potential XSS attacks in mind. If the rich:editor isn't already sanitizing user input from XSS, then you can do this with help of among others Jsoup.
BalusC
2010-10-16 16:46:34