3 Replies Latest reply on Mar 10, 2010 5:33 AM by Nick Belaevski

    rich:editor problem. How to displaying the input text with JSF h:outputText (escape problem)

    bb bb Master



      What is the official solution to displaying a text that is typed in a rich:editor (because it generates html characters)


      If I use <h:outputText value="#{richeditorvalue.text}" escape="true" />

      It will show html characters instead of formatted text.



      If I use <h:outputText value="#{richeditorvalue.text}"  escape="false" />

      I will give a possibility to Cross Site Scripting.


      Or, I should use escape=false with server validation?


      So which is the good way?