SafeHtml.asString() escapes HTML entities to secure you from XSS attacks, thats the point of using it. In your example, if your <br> should not be escaped you must create a SafeHtml instance using
-- SafeHtmlBuilder b = ..
b.appendEscaped("car");
b.appendHtmlConstant("<br>");
b.appendEscaped("bike");
OR
SafeHtmlUtils.fromTrustedString("car<br>bike") if you can make sure that no one can potentially insert evil things into the string as this method doesn't escape anything.
-- J.
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment