报错:
Caused by: org.attoparser.ParseException: Only variable expressions returning numbers or booleans are allowed in this context, any other datatypes are not trusted in the context of this expression, including Strings or any other object that could be rendered as a text literal. A typical case is HTML attributes for event handlers (e.g. "onload"), in which textual data from variables should better be output to "data-*" attributes and then read from the event handler. (template: "fourteenth/cfgshareimage/list" - line 241, col 65)
at org.attoparser.MarkupParser.parseDocument(MarkupParser.java:393)
at org.attoparser.MarkupParser.parse(MarkupParser.java:257)
at org.thymeleaf.templateparser.markup.AbstractMarkupTemplateParser.parse(AbstractMarkupTemplateParser.java:230)
... 83 common frames omitted
修改前代码th:οnclick="getCopyUrl('shareImageUrl1${language.getKey}'“修改后的代码:
<button type="button" class="layui-btn" style="margin-top:30px;"
th:id="'ID-upload-copy'+${language.getKey}" th:data-url="shareImageUrl1+${language.getKey}" th:οnclick="getCopyUrl(this.dataset.url)">解释:
1. 通过 data-* 属性传递数据
Thymeleaf 认为在 onclick 等事件处理器中直接插入字符串可能会存在 XSS(跨站脚本攻击)风险,因此不允许将非数值或布尔类型直接用于事件属性。可以考虑将字符串数据存储在 data-* 属性中,然后通过 JavaScript 读取这个 data-* 属性值来动态构建 getCopyUrl()。