开发者

converting html into text

开发者 https://www.devze.com 2023-02-21 01:15 出处:网络
I am working with JSF. I have used RichFaces\'s \'RichEditor\'. I am storing contents from this editor into a bean and displaying into a JSF form. But it shows HTML tags on the JSF form. For开发者_Go百

I am working with JSF. I have used RichFaces's 'RichEditor'. I am storing contents from this editor into a bean and displaying into a JSF form. But it shows HTML tags on the JSF form. For开发者_Go百科 that I have used JSoup HTML Parser. But it completely converts the written content of the rich editor to simple text, removing all formatting like bold, buttons used, newline, etc. I need to display as it is in the jSF form as the editor.

Please help...

CODE for Rich Editor

            <f:param name="theme_advanced_buttons1" value="
            newdocument,separator,copy,cut,paste,pasteword,undo,redo,separator,bold,italic,underline,
            strikethrough,forecolor,backcolor,separator,
            justifyleft,justifycenter,justifyright,justifyfull,outdent,indent " />

        <f:param name="theme_advanced_buttons2" value= "bullist,numlist,separator,
        insertdate,inserttime,separator,image,emotions,styleprops,fontselect,fontsizeselect,formatselect,search,replace"/>  

        <f:param name="theme_advanced_toolbar_location" value="top"/>                               
        <f:param name="theme_advanced_toolbar_align" value="left"/>
        <f:param name="theme_advanced_font_sizes" value="10px,12px,14px,16px,18px,20px,24px,32px,36px,42px,48px,60px,72px"/>
        <f:param name="theme_advanced_fonts" value="Andale Mono=andale mono,times;
            Arial=arial,helvetica,sans-serif;
            Arial Black=arial black,avant garde;
            Book Antiqua=book antiqua,palatino;
            Calibri=calibri;
            Comic Sans MS=comic sans ms,sans-serif;
            Courier New=courier new,courier;
            Georgia=georgia,palatino;
            Helvetica=helvetica;
            Impact=impact,chicago;
            Symbol=symbol;
            Tahoma=tahoma,arial,helvetica,sans-serif;
            Terminal=terminal,monaco;
            Times New Roman=times new roman,times;
            Trebuchet MS=trebuchet ms,geneva;
            Verdana=verdana,geneva;
            Webdings=webdings;
            Wingdings=wingdings,zapf dingbats"/>

        </rich:editor>   

FROM Java....

public String saveNotice() {

    System.out.println(html2text(editor));



    return "";

}


public  String html2text(String editor)
{
    String edit;


    edit=Jsoup.parse(editor).text();
    setEditor(edit);
    return edit;


}


When you're redisplaying it using <h:outputText>, JSF will escape them in order to prevent XSS attacks. You need to add escape="false" to redisplay the HTML plain (which thus get interpreted by the webbrowser).

<h:outputText value="#{bean.html}" escape="false" />

However, this is still a potential XSS hole. Since you're already using Jsoup, you can use Jsoup#clean() to preserve some basic HTML tags and remove all other malicious tags.

public String sanitizeHtml(String html) {
    return Jsoup.clean(unsafe, Whitelist.basic());
}

The Whitelist is customizeable. See also its javadoc for details.


in your source the open tag of rich editor is missing. According editors homepage try to add the viewMode parameter. I think the value of it must be 'visual'.

0

精彩评论

暂无评论...
验证码 换一张
取 消