Thax you Jens, it's fase data only vip can input html
On Friday, June 6, 2014 9:15:14 PM UTC+10, Jens wrote:
>
> SafeHtml.asString() escapes HTML entities to secure you from XSS attacks,
> thats the point of using it. In your example, if your <br> should not be
> escaped you must create a SafeHtml instance using
>
> SafeHtmlBuilder b = ..
> b.appendEscaped("car");
> b.appendHtmlConstant("<br>");
> b.appendEscaped("bike");
>
> OR
>
> SafeHtmlUtils.fromTrustedString("car<br>bike") if you can make sure that
> no one can potentially insert evil things into the string as this method
> doesn't escape anything.
>
> -- J.
>
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
