JSF please don't escape my html
Question
From the dbms I get stuff like <font color="red"> abc</font>. When it reaches the ${someManagedBean.someValue} in my xhtml file the output is sanitized. That is great for 99,999% of all cases.
Question: Is there some way to disable this auto escaping?
Bonus Question: Can I only allow html and disallow javascript?
Recommended answer
http://www.jsftoolbox.com/documentation/help/12-TagReference/html/h_outputText.html
escape = false
Not sure about preventing JS only though. You might have to parse the HTML yourself to get rid of <script> and contents.
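For the bonus question, an added example (not part of the original answer): a backing bean that runs the database value through an allowlist before h:outputText renders it with escape="false". An allowlist also covers event-handler attributes and javascript: URLs, which removing only <script> would miss. It assumes the OWASP Java HTML Sanitizer library is on the classpath; the rawFromDb field, its setter and the tag list are hypothetical.

```java
import java.util.regex.Pattern;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

// Added example: sanitize DB markup in the bean, then render it unescaped.
// Assumption: OWASP Java HTML Sanitizer is available as a dependency.
public class SomeManagedBean {

    // Allowlist policy: only the listed tags and attributes survive.
    // Anything not named here (script, iframe, style, on* handlers,
    // href with javascript:) is dropped because it was never allowed.
    private static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("font", "b", "i", "em", "strong", "br", "p")
            .allowAttributes("color")
                // colour names or #rgb / #rrggbb only
                .matching(Pattern.compile("[a-zA-Z]{1,20}|#[0-9a-fA-F]{3,6}"))
                .onElements("font")
            .toFactory();

    // Hypothetical field holding the value loaded from the DBMS.
    private String rawFromDb;

    public void setRawFromDb(String rawFromDb) {
        this.rawFromDb = rawFromDb;
    }

    // Bound in the view as:
    //   <h:outputText value="#{someManagedBean.someValue}" escape="false" />
    // The getter never returns the raw string, so escape="false" only
    // ever sees markup that passed the policy.
    public String getSomeValue() {
        return rawFromDb == null ? "" : POLICY.sanitize(rawFromDb);
    }

    public static void main(String[] args) {
        // Constructed sample input: allowed formatting mixed with markup
        // that the policy does not permit.
        String sample = "<font color=\"red\" onclick=\"alert(1)\"> abc</font>"
                + "<script>alert(2)</script>"
                + "<a href=\"javascript:alert(3)\">x</a>";
        SomeManagedBean bean = new SomeManagedBean();
        bean.setRawFromDb(sample);
        System.out.println(bean.getSomeValue());
    }
}
```

Sanitizing in the getter keeps every view that binds to the property covered; if the same value is also written back to the database, sanitize on output anyway, since stored data may predate the policy.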