We have a use case where we need to output text that is a combination of static text and dynamic values from a database; the full text is resolved using message properties with language-specific static blocks of text.
We need to escape the output text to prevent XSS attacks.
However, we also need to apply formatting to the full line, for example:
Hello <b>{username}</b>!
This is pseudo-syntax, of course; {username} is a variable that should be replaced with the real username, and the other text is static and is defined in the message property (for example: "Hello <b>{0}</b>!").
A normal JSF outputText will not work, as it will either escape everything or nothing, thereby destroying our formatting.
Please note that we cannot make a "real" JSF component from these fragments, since the position and order of variable fields depend on the language (for example, the word order in German and English).
In Seam, there is a component called formattedText, which deals with this and has an elegant solution. However, we cannot use Seam in our application.
Are there any similar approaches / libraries?