Does regular XHTML inputText tag have automatic escapement for XML entities like h:inputText in JSF?

Asked Aug 26 '19 at 18:52

Active Aug 26 '19 at 18:52

Viewed 30 times

In another word, in order to prevent XSS in web applications, is it necessary to replace a xhtml inputText with JSF's h:inputText? Thanks ahead.

asked Aug 26 '19 at 18:52

Samuel Fu

1

Note: there's no such thing as a "xhtml inputText". It's is essentially plain template text for JSF. – BalusC Aug 26 '19 at 19:02
Sorry can you elaborate more on the it please? So what is the difference between a inputText field and `h:inputText`? What does the `h` specify here? – Samuel Fu Aug 26 '19 at 22:32
:ssssamuel: start with a jsf 101 tutorial and you'll know – Kukeltje Aug 27 '19 at 11:50

0 Answers0