(基于SpringBoot框架企业级应用系统开发全面实战)->{02.09_Thymeleaf实战_recv}

问题：
今天在尝试使用springBoot整合thymeleaf时，使用了th：onclick（）事件

原代码：

<button class="btn" th:οnclick="'getName(\''+${person.name}+'\');'">获得名字</button>

修改后：

<button class="btn" th:οnclick="getName([[${person.name}]]);">获得名字</button>

产生原因：

3.x版本的thymeleaf为了防止注入攻击，升级了安全机制。springboot版本<version>2.0.9.RELEASE</version>

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>

	<groupId>com.test7</groupId>
	<artifactId>demo</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>jar</packaging>

	<name>Demo7</name>
	<description>Demo project for Spring Boot</description>

	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.0.9.RELEASE</version>
		<relativePath /> <!-- lookup parent from repository -->
	</parent>

	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
		<java.version>1.8</java.version>
	</properties>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-thymeleaf</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>


</project>

index.html

<html xmlns:th="http://www.thymeleaf.org">
  <head>
  	 <meta content="text/html;charset=UTF-8"/>
  	 <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
     <meta name="viewport" content="width=device-width, initial-scale=1"/>
    <link th:href="@{bootstrap/css/bootstrap.min.css}" rel="stylesheet"/> 
    <link th:href="@{bootstrap/css/bootstrap-theme.min.css}" rel="stylesheet"/>
  </head>
  <body>
  
  <div class="panel panel-primary">
    <div class="panel-heading">
        <h3 class="panel-title">访问beifengwang</h3>
    </div>
    <div class="panel-body">
        	<span th:text="${singlePerson.name}"></span> 
    </div>
  </div>
  
  <div th:if="${not #lists.isEmpty(people)}">
	  <div class="panel panel-primary">
	    <div class="panel-heading">
	        <h3 class="panel-title">列表</h3>
	    </div>
	    <div class="panel-body">
	        <ul class="list-group">
				<li class="list-group-item" th:each="person:${people}">
				    <span th:text="${person.name}"></span>
				   	<span th:text="${person.age}"></span>
				   	<!-- <button class="btn" th:οnclick="'getName(\'' + ${person.name} + '\');'">获得名字</button> -->
	                <button class="btn" th:οnclick="getName([[${person.name}]]);">获得名字</button>			   	
				</li>
	        </ul>
	    </div>
	 </div>
 </div>
  
  <script th:src="@{jquery.min.js}" type="text/javascript"></script>
  <script th:src="@{bootstrap/js/bootstrap.min.js}"></script>
  
  <script th:inline="javascript">
  	var single = [[${singlePerson}]];
  
  	console.log(single.name+"/"+single.age)
  	
  	function getName(name){
  	    alert(name);
  		console.log(name);
  	}
  </script>
  
  </body>
</html>

===============================================================================

参考资料：

thymeleaf 的 th:onclick，慢慢采坑

thymeleaf的onclick标签传参异常