h:outputText not rendering HTML from XML response in spite of escape=“false”

Question

I have the following code:

<h:outputText value="#{bean.shortDescription}" escape="false" />

The result is:

<p><b>Location. </b> <br /> a

The string from #{bean.shortDescription} is being taken from an XML response that is escaped:

<p><b>Location. </b> <br /> a

If I make the same output text as above, but instead of taking the response from the XML, I just put the escaped string that comes from the response, e.g.:

<h:outputText value="&lt;p&gt;&lt;b&gt;Location. &lt;/b&gt; &lt;br /&gt; a" escape="false" />

Then the result is:

Location.
a

How can I properly render the HTML tags I get from the XML? I do not want to escape them.

Answer 1

It's because your text is already escaped. The escape="false" doesn't unescape text. It just prints the text as-is instead of escaping it. However, as your text is already escaped from beginning on, it appears in escaped form. Remove the escape="false" and you'll see that it will be double-escaped. I.e. every & becomes &.

You need to unescape it beforehand. The Apache Commons Lang StringEscapeUtils may come handy.

String unescapedShortDescription = StringEscapeUtils.unescapeXml(shortDescription);

Then, you can use <h:outputText escape="false"> to print it as-is.