作者:上午劳动_951 | 来源:互联网 | 2022-12-01 17:14
我试图将值传递给我的Javascript函数,但该函数调用依赖于布尔变量.在我最近升级到百日咳安全5之前,我一直工作得很好.
这是代码段.
对于要完成的函数调用,timerEnabled必须为true,但是thymeleaf现在会抛出异常
org.thymeleaf.exceptions.TemplateProcessingException: Only variable expressions returning numbers or booleans are allowed in this context, any other datatypes are not trusted in the context of this expression, including Strings or any other object that could be rendered as a text literal. A typical case is HTML attributes for event handlers (e.g. "onload"), in which textual data from variables should better be output to "data-*" attributes and then read from the event handler.
我该如何解决这个问题?谢谢.
1> leome..:
自Thymeleaf 3.0.10以来,他们修复了一个关于非转义代码的安全漏洞.
尝试
或者推荐的方式:
阅读更多内容:https://github.com/thymeleaf/thymeleaf/issues/707
并且:http:
//forum.thymeleaf.org/Thymeleaf-3-0-10-JUST-PUBLISHED-tt4031348.html#a4031353