问题
I used the rich: editor component to enter rich content and I save it in a database. When I tried to display it in outputText field , rich tags are not interpreted and are displayed as simple text. So my question is: how can I make the jsf component (or Richfaces) interpret this rich content and display it properly??
回答1:
The h:outputText indeed by default escapes predefined XML/HTML entities to avoid XSS attacks. If you want to display user-controlled input unescaped, then just set the escape attribute to false.
<h:outputText value="#{bean.text}" escape="false" />
However, keep potential XSS attacks in mind. If the rich:editor isn't already sanitizing user input from XSS, then you can do this with help of among others Jsoup.
来源:https://stackoverflow.com/questions/3949295/how-to-display-rich-content-using-jsf-component