Thymeleaf中的#request.getParameters()的变通办法 [英] Workaround for #request.getParameters() in Thymeleaf

查看:76
本文介绍了Thymeleaf中的#request.getParameters()的变通办法的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们正在使用CAS 5.2.3,该版本使用Thymeleaf的升级版.Thymeleaf限制了对某些请求功能的访问-'#request.getParameters()'是其中之一.有什么解决办法吗?尝试访问它时出现以下错误-在这种情况下,禁止访问请求参数.请注意,某些限制适用于变量访问.例如,在预处理和未转义的表达式中,在TEXT模板中,禁止直接访问请求参数模式,片段插入规范和某些特定的属性处理器中."

We are using CAS 5.2.3 which uses an upgraded version of Thymeleaf. Thymeleaf has restricted access to certain request features - '#request.getParameters()' being one. Is there any work around for it? I am getting the following error when trying to access it - "Access to request parameters is forbidden in this context. Note some restrictions apply to variable access. For example, direct access to request parameters is forbidden in preprocessing and unescaped expressions, in TEXT template mode, in fragment insertion specifications and in some specific attribute processors."

推荐答案

好问题.我几个月前就遇到了这个问题,这个问题可以解决.

Good question. I face this problem a few months before, it is solvable.

查看了他们的源代码后,我发现他们仅在特定标签上限制了#request.getParameters()的使用,他们并未禁止使用 #request.getParameters()在某些情况下.

After looking through their source code, I found that they are limiting the usage of #request.getParameters() only on specific tag, they didn't forbid to use #request.getParameters() in some situation.

在我的用例中,我能够使用CData绕过此检查.由于您未提供任何代码示例,因此不确定是否适用于您的用例.

In my use case, I am able to use CData to bypass this checking. Not sure whether it applies to your use case since you didn't provide any code example....

无论如何,下面的示例想根据参数 url

Anyway, the below example want to redirect user to another page, based on the parameter url

这是一个示例代码,在CAS 5.2.x中已被破坏,但在CAS 5.1.x中有效:

<html>
<head>
<title> Deforestation </title>
</head>
<body th:attr="onload='window.location.href=\''+${#request.getParameter('url')}+'\''">
</body>
</html>

以下是围绕代码的解决方法:

<html>
<head>
<title> Deforestation </title>
</head>
<body>

Logging out. Please wait...

<script th:inline="javascript">
/*<![CDATA[*/
    location.href = /*[[( ${#request.getParameter('url')} )]]*/ ;
/*]]>*/
</script>
</body>
</html>

如果这不能解决您的问题,请提供您的源代码,以便我们更好地研究问题.

If this didn't solve your problem, please provide your source code so we can have a better look at the problem.

注意:出于安全原因,现在禁止使用这些东西,使用此替代方法可能会破坏安全标准,请记住在必要时清理用户输入

Note: There is a security reason why this stuff is now banned, using this workaround might compromise the security standard, do remember to sanitize the user input if neccesary

根据评论,虽然不优雅,但也许可以进行以下操作?

as per comment, although not elegant, maybe something like the following will work?

<html>
<head>
<title> Data attribute </title>
</head>
<body>

<span id="foobarid"> </span>

<script th:inline="javascript">
/*<![CDATA[*/
    $('#foobarid').data('foo-bar',/*[[( ${#request.getParameter('foo') == 'bar'} )]]*/); 
/*]]>*/
</script>
</body>
</html>

这篇关于Thymeleaf中的#request.getParameters()的变通办法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆