Thursday, 11 June 2015

[OmniFaces utilities 2.0] Write the given text either HTML-escaped or unescaped


[OmniFaces utilities] The writeText() method writes the given text either HTML-escaped or unescaped. Beware of potential XSS attack holes when user-controlled input is written unescaped!

Method:
Usage:

Markup to be displayed escaped/un-escaped (render an Internet Explorer (IE) conditional comment):
<!--[if lte IE 9]><link rel="stylesheet" href="#{resource['default:css/ie.css']}" /><![endif]-->

Escaped markup (XSS attack protected):
import org.omnifaces.util.Renderers;
...
@Override
public void encodeBegin(FacesContext context) throws IOException {
 ResponseWriter writer = context.getResponseWriter();
 ...
 // Last argument true: the text is HTML-escaped before it is written.
 Renderers.writeText(writer, this,
   "<!--[if lte IE 9]><link rel=\"stylesheet\" href=\""
   + "#{resource['default:css/ie.css']}\" /><![endif]-->", true);
 ...
}

Page source code:
<!--[if lte IE 9]><link rel="stylesheet" href="#{resource['default:css/ie.css']}" /><![endif]-->

On screen:
<!--[if lte IE 9]><link rel="stylesheet" href="#{resource['default:css/ie.css']}" /><![endif]-->

Un-escaped markup (potential XSS attack hole):
import org.omnifaces.util.Renderers;
...
@Override
public void encodeBegin(FacesContext context) throws IOException {
 ResponseWriter writer = context.getResponseWriter();
 ...
 // Last argument false: the text is written as-is, without HTML escaping.
 Renderers.writeText(writer, this,
   "<!--[if lte IE 9]><link rel=\"stylesheet\" href=\""
   + "#{resource['default:css/ie.css']}\" /><![endif]-->", false);
 ...
}

Page source code:
<!--[if lte IE 9]><link rel="stylesheet" href="#{resource['default:css/ie.css']}" /><![endif]-->

On screen:
<!--[if lte IE 9]><link rel="stylesheet" href="#{resource['default:css/ie.css']}" /><![endif]-->

Note: For cases like the one above, you can rely on the OmniFaces ConditionalComment component.
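
As an added example (not from the original post and not OmniFaces code), the stand-alone Java class below models the escape flag for the conditional comment above: the fixed markup is written unescaped, while a value that may be user-controlled is always escaped. The writeText stand-in, the render helper, the condition allow-list and the sample inputs are assumptions made for illustration.

```java
import java.util.regex.Pattern;

// Added example (not OmniFaces code): stand-alone model of the escape flag.
public class ConditionalCommentDemo {

    // Assumed allow-list for the IE condition, e.g. "lte IE 9" or "IE".
    private static final Pattern CONDITION =
            Pattern.compile("(?:(?:lt|lte|gt|gte) )?IE(?: \\d{1,2})?");

    // Hypothetical stand-in for writeText(..., escape): escapes HTML
    // metacharacters when escape is true, appends the text raw otherwise.
    static void writeText(StringBuilder out, String text, boolean escape) {
        if (!escape) {
            out.append(text);
            return;
        }
        for (char c : text.toCharArray()) {
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                default: out.append(c);
            }
        }
    }

    // Fixed markup is written raw; the stylesheet URL is always escaped,
    // so it can neither close the href attribute nor end the comment.
    static String render(String condition, String href) {
        if (!CONDITION.matcher(condition).matches()) {
            throw new IllegalArgumentException("unexpected condition");
        }
        StringBuilder out = new StringBuilder();
        writeText(out, "<!--[if " + condition + "]><link rel=\"stylesheet\" href=\"", false);
        writeText(out, href, true);
        writeText(out, "\" /><![endif]-->", false);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal resource URL and one carrying markup.
        System.out.println(render("lte IE 9", "/res/css/ie.css"));
        System.out.println(render("lte IE 9", "x\" /><![endif]--><b>injected</b>"));
    }
}
```

In the second call the quote and angle brackets of the constructed input come out as entities, so the only `-->` in the output is the one from the fixed template.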
