Theme
LocaleConverter
The SanitizingConverter (pe:sanitizer) sanitizes any input using an OWASP Java HTML Sanitizer PolicyFactory. Useful for cleansing input if going to be displayed in outputText with escape="false".

Enter text including HTML tags to see the default policy:

Custom policy allows HTML tags including <i> and <strong>:

Source

                <p:messages id="messages"/>

    <h:panelGroup id="timePickerGroup" layout="block">
        <p>
            Enter text including HTML tags to see the default policy:
            <p:inputText id="defaultSanitizer" value="#{sanitizingController.defaultSanitizer}">
                <pe:sanitizer/>
            </p:inputText>
        </p>

        <p>
            Custom policy allows HTML tags including &lt;i&gt; and &lt;strong&gt;:
            <p:inputText id="customSanitizer" value="#{sanitizingController.customSanitizer}">
                <pe:sanitizer decodeHtml="true" policy="#{sanitizingController.policyFactory}"/>
            </p:inputText>
        </p>
    </h:panelGroup>

    <h:panelGroup layout="block" style="margin-top: 10px;margin-bottom: 10px;">
        <p:commandButton value="Submit" update="messages defaultSanitizer customSanitizer"/>
    </h:panelGroup>
            
Components and more
Documentation pe:sanitizer
Attributes (move mouse over the names to see data types)
Name Description
decodeHtml Run input through OWASP HTML Decoder. Default is 'true'.
policy An instance of OWASP PolicyFactory which declares how to sanitize the input. Default is strict sanitization.
PrimeFaces Extensions Showcase - © 2011-2021,PrimeFaces: 11.0.0,PrimeFaces Extensions: 11.0.0,JSF: Apache MyFaces JSF-2.3 Core API 2.3.9,Server: jetty/9.4.36.v20210114,Build time: 2021-12-10 14:32
occured!