
How should I handle HTML Entities in JSF

Developer https://www.devze.com 2023-03-30 00:36 Source: Internet

I'm working to upgrade an old web program written in PHP with a MySQL database as the backend.

The database is full of text like this &lt;P&gt;&lt;STRONG&gt;

Which obviously is an encoded form of <P><STRONG><FONT size=4>

How can I get a JSF file to render that properly? Outputting it as escaped text gives me the 1st line, and unescaped text gives me the 2nd line.

I want the HTML to appear as html in the document, I'll accept the risk of doing so :)

Am I better off decoding the text in the database? I'm not sure that this is a format I want to work with in the future, but I have so little experience with HTML entities that I'm just not sure the best long-term route.

Anything from technical knowhow to the ramblings of wise old sages is welcome here.


How can I get a JSF file to render that properly? Outputting it as escaped text gives me the 1st line, and unescaped text gives me the 2nd line.

Wrap StringEscapeUtils#unescapeHtml() in an EL function (example here) and display it in an <h:outputText> with escape="false".

<h:outputText value="#{util:unescapeHtml(bean.value)}" escape="false" />

The function will turn &lt; to < and so on; the escape="false" will prevent JSF from re-escaping it in order to prevent user-controlled input from being literally interpreted, which can possibly create XSS holes.


Am I better off decoding the text in the database? I'm not sure that this is a format I want to work with in the future, but I have so little experience with HTML entities that I'm just not sure the best long-term route.

Not storing HTML in the DB at all is the best option. If there is really no other option, then I'd opt for decoding them straight in the DB.
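
One way to write the EL function described in the answer above, as an added example that is not code from the answer: it decodes the entities with Commons Lang and then passes the result through a jsoup allowlist, so that escape="false" only emits tags you have permitted. The class name, package, taglib namespace, the choice of jsoup and the sample row are assumptions.

```java
package com.example.util; // hypothetical package

// Commons Lang 2.x, as named in the answer; Lang 3 and Commons Text call it unescapeHtml4
import org.apache.commons.lang.StringEscapeUtils;
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist; // jsoup 1.14.2+; earlier releases name this class Whitelist

/*
 * Facelets taglib entry that exposes the method as util:unescapeHtml
 * (the namespace is a placeholder):
 *
 *   <namespace>http://example.com/util</namespace>
 *   <function>
 *     <function-name>unescapeHtml</function-name>
 *     <function-class>com.example.util.HtmlFunctions</function-class>
 *     <function-signature>java.lang.String unescapeHtml(java.lang.String)</function-signature>
 *   </function>
 */
public final class HtmlFunctions {

    // Allowlist for the legacy markup: jsoup's relaxed set plus <font>,
    // which the old rows use. Scripts, event handlers and style attributes are dropped.
    private static final Safelist LEGACY_MARKUP = Safelist.relaxed()
            .addTags("font")
            .addAttributes("font", "size", "color", "face");

    private HtmlFunctions() { }

    /** Decodes entity-encoded HTML from the database and removes anything not on the allowlist. */
    public static String unescapeHtml(String stored) {
        if (stored == null) {
            return ""; // a null bean value renders as nothing
        }
        // Decode exactly once: "&lt;P&gt;" becomes "<P>", while "&amp;lt;" stays text.
        String decoded = StringEscapeUtils.unescapeHtml(stored);
        return Jsoup.clean(decoded, LEGACY_MARKUP);
    }

    public static void main(String[] args) {
        // Constructed sample row: legacy markup followed by a script element.
        String row = "&lt;P&gt;&lt;STRONG&gt;&lt;FONT size=4&gt;Hello&lt;/FONT&gt;"
                + "&lt;/STRONG&gt;&lt;/P&gt;&lt;script&gt;alert(1)&lt;/script&gt;";
        System.out.println(unescapeHtml(row)); // the script element is not in the output
    }
}
```

The same method can be reused in a one-off migration if you decide to decode the rows in the database instead of at render time.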
