Component to inject and interpret String with HTML code into JSF page

I'm using PrimeFaces with JSF 2.0 to build one application. I'm using PrimeFaces <p:editor> component to enable user to create rich text. But the output of this component is HTML source which look like this:

String text = "<p>This text <i>contains</i> some <b>HTML</b> code.</p>";

When I show this in a <h:outputText> as below:

<h:outputText value="#{bean.text}" />

Then it shows the HTML code as plain text:

<p>This text <i>contains</i> some <b>HTML</b> code.</p>

Is there any component which can interpret the HTML source so that e.g. <i> is actually shown as italics and <b> as bold?

This text contains some HTML code.


JSF by default escapes HTML from backing bean properties in order to prevent XSS attack holes. To disable this, just set the escape attribute of the <h:outputText> to false.

<h:outputText ... escape="false" />

This way the HTML won't be escaped and will thus be interpreted by the webbrowser.


Unrelated to the concrete problem, beware of XSS attacks as you're here basically redisplaying user-controlled input unescaped. You might want to sanitize it beforehand.

  • What is the general concept behind XSS?
  • CSRF, XSS and SQL Injection attack prevention in JSF
  • Server side HTML sanitizer/cleanup for JSF
  • Escape everything but linebreaks in h:outputText