问题描述

我使用了rich:编辑器组件来输入丰富的内容，并将其保存在数据库中.当我尝试在outputText字段中显示它时，丰富标签不会被解释，而是显示为简单文本.所以我的问题是:如何使jsf组件(或Richfaces)解释这种丰富的内容并正确显示呢?

I used the rich: editor component to enter rich content and I save it in a database. When I tried to display it in outputText field , rich tags are not interpreted and are displayed as simple text.So my question is: how can I make the jsf component (or Richfaces) interpret this rich content and display it properly??

推荐答案

h:outputText实际上默认情况下会转义预定义的XML/HTML实体，以避免 XSS 攻击.如果要显示未转义的用户控制输入，则只需将escape属性设置为false.

The h:outputText indeed by default escapes predefined XML/HTML entities to avoid XSS attacks. If you want to display user-controlled input unescaped, then just set the escape attribute to false.

<h:outputText value="#{bean.text}" escape="false" />

但是，请记住潜在的XSS攻击.如果rich:editor尚未清除来自XSS的用户输入，则可以在 Jsoup 等帮助下进行此操作.

However, keep potential XSS attacks in mind. If the rich:editor isn't already sanitizing user input from XSS, then you can do this with help of among others Jsoup.

这篇关于如何使用jsf组件显示丰富的内容?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！