3 Replies Latest reply on Mar 10, 2010 5:33 AM by Nick Belaevski

    rich:editor problem. How to displaying the input text with JSF h:outputText (escape problem)

    bb bb Master

      HY!

       

      What is the official solution to displaying a text that is typed in a rich:editor (because it generates html characters)

       

      If I use <h:outputText value="#{richeditorvalue.text}" escape="true" />

      It will show html characters instead of formatted text.

       

       

      If I use <h:outputText value="#{richeditorvalue.text}"  escape="false" />

      I will give a possibility to Cross Site Scripting.

       

      Or, I should use escape=false with server validation?

       

      So which is the good way?