-
2. Re: h:inputText escape problem
yyq2009 Oct 13, 2009 5:44 AM (in response to yyq2009)Thanks for your timely reply.
My managed bean---bean
class Bean{
String char1 = ">";
String char2 ="<";
//setter and getter
...
}
in jsf page.
<h:outputText value="#{bean.char1}" escape="true"/> ###It shows ">" in html page.
<h:inputText value="#{bean.char1}" /> ###It shows ">" in html page, what i want is the inputText shows the same value as the outputText, shows ">" not ">"
Do you get me?
any help?
Thanks in advance. -
3. Re: h:inputText escape problem
nbelaevski Oct 13, 2009 6:58 AM (in response to yyq2009)Use "&gt;" then.
-
4. Re: h:inputText escape problem
nbelaevski Oct 13, 2009 8:31 AM (in response to yyq2009)BTW, h:inputText should do escapement automatically. What is JSF version?
-
5. Re: h:inputText escape problem
yyq2009 Oct 13, 2009 8:58 PM (in response to yyq2009)Hi,nbelaevski, my jsf is 1.2, and h:inputText doesn't do any escapement
at all.
I can't use "&gt;", because ">" is a part of java regex expression.
Looking for a better solution. -
6. Re: h:inputText escape problem
yyq2009 Oct 13, 2009 9:30 PM (in response to yyq2009)Hi,nbelaevski, You are right. I replaced all "&" by "&" and it displays "&" in h:inputText, when i save the value of h:inputText, i get the symbol "&" not "&" so it is still right for me.
Thanks for your reply.
Thanks everyone helped me. -
7. Re: h:inputText escape problem
nbelaevski Oct 14, 2009 6:39 AM (in response to yyq2009)Works for me without need to escape '&' char. There's something wrong with it - I recommend to check its security for XSS then: http://labs.jboss.com/community/wiki/JavawebapplicationssecurityXSS