Enter text including HTML tags to see the default policy:
Custom policy allows HTML tags including <i> and <strong>:
Lenient converter allows <i> and <strong>: Italic
Italic
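<!--
  Sanitizer demo view. Three outputs are driven by the sanitizingController bean:
  two inputs sanitized on submit by pe:sanitizer, and one read-only output rendered
  through a sanitizing converter with JSF escaping switched off.
  Literal tag names in the label text are written as entities (&lt;i&gt;) so the
  Facelets XML parser treats them as text rather than as unclosed elements.
-->
<p:messages id="messages"/>

<h:panelGroup id="timePickerGroup" layout="block">
    <p>
        Enter text including HTML tags to see the default policy:
        <!-- pe:sanitizer without attributes: the submitted value goes through the
             component's built-in default policy before it reaches the bean. -->
        <p:inputText id="defaultSanitizer" value="#{sanitizingController.defaultSanitizer}">
            <pe:sanitizer/>
        </p:inputText>
    </p>
    <p>
        Custom policy allows HTML tags including &lt;i&gt; and &lt;strong&gt;:
        <!-- The policy attribute swaps in the bean-supplied allow-list.
             NOTE(review): decodeHtml="true" appears to decode HTML entities in the
             sanitized result (confirm against the PrimeFaces Extensions docs for the
             version in use). A decoded value can contain raw markup characters again,
             so it must only ever be rendered escaped, or re-sanitized on output as the
             third field does. -->
        <p:inputText id="customSanitizer" value="#{sanitizingController.customSanitizer}">
            <pe:sanitizer decodeHtml="true" policy="#{sanitizingController.policyFactory}"/>
        </p:inputText>
    </p>
    <p>
        Lenient converter allows &lt;i&gt; and &lt;strong&gt;:
        <!-- escape="false" turns off JSF output escaping, so the converter is the only
             control between the stored value and the browser. Do not copy this pattern
             onto user-influenced data without a sanitizing converter attached.
             NOTE(review): this converter applies its own policy, not the bean's
             allow-list; verify which elements and attributes it permits. -->
        <h:outputText id="lenientSanitizer"
                      escape="false"
                      converter="primefaces.SanitizingLenientConverter"
                      value="#{sanitizingController.customSanitizer}"/>
    </p>
</h:panelGroup>

<h:panelGroup layout="block" style="margin-top: 10px;margin-bottom: 10px;">
    <!-- lenientSanitizer is included in the update list so the unescaped output is
         re-rendered from the freshly sanitized value instead of showing the stale one. -->
    <p:commandButton value="Submit" update="messages defaultSanitizer customSanitizer lenientSanitizer"/>
</h:panelGroup>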
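/**
 * View-scoped backing bean for the HTML sanitizer demo page.
 *
 * <p>The bean only stores the two strings and exposes the allow-list policy. It performs no
 * sanitization itself: the setters store whatever they are given, so the values are only as
 * clean as the converter attached in the view. Any other code path that writes to these
 * properties bypasses sanitization.
 */
@Named
@ViewScoped
public class SanitizingController implements Serializable {

    private static final long serialVersionUID = 1L;

    /** Inline formatting elements the custom policy lets through. */
    private static final String[] ALLOWED_ELEMENTS = {"b", "em", "i", "s", "strong", "sub", "sup", "u"};

    /**
     * Custom allow-list policy, built once instead of on every EL evaluation of
     * {@code #{sanitizingController.policyFactory}}.
     *
     * <p>Only element names are allowed; no {@code allowAttributes(...)} call is made, so the
     * policy grants no attributes (no {@code href}, {@code style} or event handlers) on these
     * elements. Block elements such as {@code p} are not in the list.
     *
     * <p>Held in a {@code static} field so it is not part of the serialized view state.
     * NOTE(review): sharing one instance assumes these are the OWASP Java HTML Sanitizer types,
     * whose {@code PolicyFactory} is documented as immutable and thread-safe; the imports are
     * not shown here, so confirm.
     */
    private static final PolicyFactory FORMATTING_POLICY = new HtmlPolicyBuilder()
            .allowElements(ALLOWED_ELEMENTS)
            .allowTextIn(ALLOWED_ELEMENTS)
            .toFactory();

    /** Seed value for the default-policy field; contains a {@code p} element on purpose. */
    private String defaultSanitizer = "<p>Test</p>";

    /** Seed value for the custom-policy field; {@code i} is allowed by the policy, {@code p} is not. */
    private String customSanitizer = "<p><i>Italic</i></p>";

    /**
     * PolicyFactory to allow certain HTML elements like italic and bold tags.
     *
     * @return the shared {@code PolicyFactory} allowing only attribute-free formatting elements
     */
    public PolicyFactory getPolicyFactory() {
        return FORMATTING_POLICY;
    }

    /**
     * @return the value bound to the default-policy input
     */
    public String getDefaultSanitizer() {
        return defaultSanitizer;
    }

    /**
     * Stores the value as given; sanitization is expected to have happened in the view's converter.
     *
     * @param defaultSanitizer the new value
     */
    public void setDefaultSanitizer(String defaultSanitizer) {
        this.defaultSanitizer = defaultSanitizer;
    }

    /**
     * @return the value bound to the custom-policy input and to the unescaped output
     */
    public String getCustomSanitizer() {
        return customSanitizer;
    }

    /**
     * Stores the value as given; sanitization is expected to have happened in the view's converter.
     *
     * @param customSanitizer the new value
     */
    public void setCustomSanitizer(String customSanitizer) {
        this.customSanitizer = customSanitizer;
    }
}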