3.5.2.1.38. RichTextArea
This is a text area to display and enter formatted text.
XML name of the component: richTextArea
RichTextArea
is implemented only for Web Client.
Basically, RichTextArea
mirrors the functionality of TextField, except that you cannot set datatype
for it. So, RichTextArea
is intended for work only with text and entity attributes of type String
.
RichTextArea
is also used to input and output HTML string. If the htmlSanitizerEnabled
attribute is set to true
, then the RichTextArea
value will be sanitized.
protected static final String UNSAFE_HTML = "<i>Jackdaws </i><u>love</u> <font size=\"javascript:alert(1)\" " +
"color=\"moccasin\">my</font> " +
"<font size=\"7\">big</font> <sup>sphinx</sup> " +
"<font face=\"Verdana\">of</font> <span style=\"background-color: " +
"red;\">quartz</span><svg/onload=alert(\"XSS\")>";
@Inject
private RichTextArea richTextArea;
@Subscribe
public void onInit(InitEvent event) {
richTextAreasetHtmlSanitizerEnabled(true);
richTextArea.setValue(UNSAFE_HTML);
}
The htmlSanitizerEnabled
attribute overrides the value of global cuba.web.htmlSanitizerEnabled configuration property.
- Attributes of richTextArea
-
align - caption - captionAsHtml - contextHelpText - contextHelpTextHtmlEnabled - css - dataContainer - description - descriptionAsHtml - editable - enable - box.expandRatio - height - htmlSanitizerEnabled - icon - id - property - required - requiredMessage - stylename - tabIndex - visible - width
- API