i have an app where users can write messages. these messages are shown in frontend.
a new message is saved to database with unicode line breaks ("/n").
when i want to show a message in frontend i convert all occurences of "/n" to "<br>" and show the message in frontend via
<h:outputText value"#{myBean.userMsg}" escape="false">
this works fine.
BUT, the problem is that the user could add some other html-tags when writing a new message. these html-tags are not escaped when showing the message. this could destroy the layout. the user should only be allowed to write plain text, nothing more. if he writes html-tags, these html-tags should be shown as plain text, too.
With h:outputText it is impossible to implement this requirement. I think I need a special component that escapes all html-tags but no <br>�s.
Is there any component out there that provides this functionality?
Or maybe there is a completely different approach I haven�t thought about?!
(i know, one solution would be to use css, but this is not an option in this case)