Or, to bring it inline,
JSF is an XML form, so it obeys XML rules. There are 5 characters that XML parsers are sensitive to, and which may require escaping (entity specification):
< <
> >
" "
' '
& &
Note that the ";" at the end is
required - I've seen some sloppy sites that left them off because apparently some browsers weren't diligent about proper form, but that meant that unless you were running the proper browser, the site looked like an amateur job.
I mentioned that JSF is XML form. You can use JSF in an HTML context, where the rules may be more lax, but I personally recommend using an actual XML context such as xhtml. That way you have the benefit of tools that will do that little extra bit of validation at source time. Also it's easier for automated tools to work with XML formats, since they don't have the unpredictability of raw HTML. For example, unbalanced tags such as <br>.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.