Component to Inject and Interpret String With HTML Code into Jsf Page

JSF by default escapes HTML from backing bean properties in order to prevent XSS attack holes. To disable this, just set the escape attribute of the <h:outputText> to false.

<h:outputText ... escape="false" />

This way the HTML won't be escaped and will thus be interpreted by the web browser.


Unrelated to the concrete problem, beware of XSS attacks as you're here basically redisplaying user-controlled input unescaped. You might want to sanitize it beforehand.

  • What is the general concept behind XSS?
  • CSRF, XSS and SQL Injection attack prevention in JSF
  • Server side HTML sanitizer/cleanup for JSF
  • Escape everything but linebreaks in h:outputText
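As an added example (not code from any of the answers above), one way to keep escape="false" while closing the XSS hole this answer warns about: run the user-controlled value through an allow-list sanitizer in the backing bean and bind the page to the sanitized getter only. It assumes the OWASP Java HTML Sanitizer library (org.owasp.html) is on the classpath, a JSF 2.3 / CDI setup with the javax namespace, and uses hypothetical bean and property names (ArticleBean, body, safeBody).

```java
import javax.enterprise.context.RequestScoped;
import javax.inject.Named;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

// Hypothetical backing bean. The Facelet binds to #{articleBean.safeBody}
// with escape="false"; it never renders the raw field unescaped.
@Named("articleBean")
@RequestScoped
public class ArticleBean {

    // Allow-list policy: inline formatting (b, i, u, ...) and block elements
    // (p, div, ul, ...). Anything else, including <script> and on* event
    // handler attributes, is dropped by the sanitizer rather than escaped.
    private static final PolicyFactory POLICY = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS);

    // Raw, user-controlled HTML, e.g. as submitted through an editor form.
    private String body;

    public String getBody() { return body; }

    public void setBody(String body) { this.body = body; }

    // Rendered with <h:outputText value="#{articleBean.safeBody}" escape="false"/>
    public String getSafeBody() {
        return body == null ? "" : POLICY.sanitize(body);
    }

    // Stand-alone check on a constructed input (not a real submission):
    // the formatting survives, the script element and the onclick attribute do not.
    public static void main(String[] args) {
        ArticleBean bean = new ArticleBean();
        bean.setBody("<p>Hello <b onclick=\"alert('x')\">World</b></p>"
                + "<script>alert('x')</script>");
        System.out.println(bean.getSafeBody());
    }
}
```

Sanitize at render time (in the getter) rather than only at input time, so the rule also covers values that reached the database through another path.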

JSF: Dynamically inject html components and scripts inside a page or template

You can use <h:outputText> together with escape="false". That way the generated stuff will be html code rather than just some text.

e.g., let myBean be the managed bean with the following code,

String div = "<div>Hello World</div>";

In your .xhtml, you would write,

<h:outputText value="#{myBean.div}" escape="false" />

This would result in <div>Hello World</div> being injected as a part of the html code, in other words the <div> tag would be recognized.

Similar thing could be mocked for JavaScript code as well, e.g.,

String scriptCode = "<script>function alertHello(){alert('Hello World')}</script>";

In your .xhtml, you would write,

<h:outputText value="#{myBean.scriptCode}" escape="false" />

Interpreting EL expression containing HTML in JSF page

You need to tell JSF EL not to escape Bean's field value using <h:outputText> tag.

<div class="fr-view"><h:outputText value="#{article.body}" escape="false"/></div>

How to display string in html format on jsf page

Check out if h:outputText's escape flag set to false can help you.

escape: This attribute sets a boolean flag value that determines if
sensitive HTML and XML characters should be escaped in the output
generated by the component. Its default value is "true".

(Description from here)

Including HTML in JSF resource bundle string - possible?

Yes, just set escape="false" on the <h:outputText> so that the value won't be HTML-escaped.

<h:outputText value="#{bundle['some.key']}" escape="false" />

Jsf control that format text with html tags

The outputText control has an 'escape' property which controls that behaviour.
See here (outputText reference).

So basically:

<h:outputText escape="false" value="#{messages['text.String']}" />

should do the job.

JSF and HTML code returned as a String from Managed Bean possible?

No; JSF tags are interpreted on the server, but the content of a h:outputText is sent to the browser.

It is also worth noting that your current approach must disable HTML escaping to work, which is a security vulnerability if your table also contains user-supplied data.

The usual way is to have the tabular data in the backing bean, and use iterating JSF components such as a h:dataTable (or its equivalent from whatever component library you are using), ui:repeat, or c:forEach to render the table.

How to display raw HTML tags in p:column?

JSF escaping worked:

<p:column width="500" style="word-wrap: break-word">
<f:facet name="header">User Note</f:facet>
<h:outputText value ="#{entity.userNoteDisplay}" escape="false"/>
</p:column>
