Andrea Girardi

Reputation: 4427

Render HTML unescaped in a JSP page

I have a field in a DB that contains HTML text and I need to print it on a JSP page. How can I render the HTML? Using <c:out value="${text}" /> I see the text with the HTML tags. In other words, it is escaping the HTML.

Upvotes: 2

Views: 5859

Answers (1)

BalusC

Reputation: 1108702

The <c:out> by default escapes XML entities <, >, &, " and ' to prevent XSS attacks.

So to solve your problem, either just don't use <c:out> (works on JSP 2.0 and newer):

${text}

or add the escapeXml="false" attribute:

<c:out value="${text}" escapeXml="false" />

You only need to ensure that this HTML is trusted, or this will be a very easy XSS attack hole. Jsoup may be helpful in this, see also XSS prevention in JSP/Servlet web application.

Upvotes: 7
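As an added example (not part of BalusC's answer or the Jsoup project), the servlet below sanitizes the DB-sourced HTML with Jsoup before the JSP prints it unescaped; it assumes the javax.servlet API and Jsoup on the classpath, and the servlet name, path and attribute name are hypothetical.

```java
// Added example, not code from the original answer. Assumes Jsoup
// (org.jsoup) and the javax.servlet API on the classpath; the servlet
// name, URL pattern and request attribute name are hypothetical.
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

@WebServlet("/article")
public class ArticleServlet extends HttpServlet {

    // Safelist.basic() allows simple formatting tags (b, i, p, a, ul, li, ...)
    // and drops everything else: script elements, event-handler attributes,
    // and href values that are not http/https/ftp/mailto.
    private static final Safelist SAFELIST = Safelist.basic();

    /** Returns HTML that is safe to render unescaped in the JSP. */
    static String sanitize(String html) {
        if (html == null) {
            return "";
        }
        return Jsoup.clean(html, SAFELIST);
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Constructed sample standing in for the DB column; in a real app it
        // comes from the DAO and may have been written by an untrusted user.
        String fromDb = "<p>Hello <b>world</b></p>"
                + "<script>alert(1)</script>"
                + "<a href=\"javascript:alert(2)\">click</a>";

        // Sanitize once, here, so the JSP only ever prints the cleaned value.
        req.setAttribute("text", sanitize(fromDb));
        req.getRequestDispatcher("/WEB-INF/article.jsp").forward(req, resp);
    }
}

/* article.jsp then renders it unescaped exactly as in the answer above:
 *
 *   <c:out value="${text}" escapeXml="false" />
 *
 * The cleaned value keeps <p>Hello <b>world</b></p> and the link text,
 * while the <script> element (with its content) and the javascript:
 * href are removed.
 */
```

Keeping the sanitizer in the servlet (or the DAO) rather than in the JSP means escapeXml="false" is only ever applied to values that have already passed through Jsoup.clean.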