I'm using f:selectItems with value pointing to Map<String, String>, some of the labels contain "<" or ">". I found that values are escaped properly even on default (actually, I do not need that), but labels are not, even if I specify itemLabelEscaped="true".
Here is a test case, add it to some JSF page and then call it with a url like
http://localhost:8080/basic-ezcomp/nav1.jsf?<=h&n=<
<h:selectOneListbox id="cond_list" size="1">
<f:selectItems value="#{paramValues['n']}" escape="true" itemLabelEscaped="true" var="item"
itemLabel="#{item}" itemValue="#{item}" />
</h:selectOneListbox>
<h:selectOneListbox id="cond_listP" size="1">
<f:selectItems value="#{param}" escape="true" itemLabelEscaped="true" />
</h:selectOneListbox>
here is the resulting html:
<select id="j_id7:cond_list" name="j_id7:cond_list" size="1">
<option value="<"><</option>
</select>
<select id="j_id7:cond_listP" name="j_id7:cond_listP" size="1">
<option value="h"><</option></select>
[Message sent by forum member 'nzinoviev' (nzinoviev)]
http://forums.java.net/jive/thread.jspa?messageID=335543