I'm using Spring Boot with Thymleaf. My Layout is composed from 3 zones, header, content and footer.
In header I want to display "Hello !", if user is not logged in I will display "Hello Guest!".
How can I get send the "username" to header.html file ?
It's important to write this code once and to be called everywhere where header.html is included.
If you are saving the username in the session,you can access session object in Thymeleaf template with a session variable. If the session contains username attribute it will display the value , anyway null check is taken care by Thymeleaf if the attribute username is not in session object.
<span>Hello</span>
<span th:text="${session.username}" />
You can use Thymleaf's th:with attribute to pass on variables to your fragments.
This is how I am including my nav fragment by passing some data to the fragment.
<div th:include="fragments/nav :: nav" th:with="userLogin='true', view='business'"></div>
Now inside my nav fragment I can simply use ${userLogin} or ${view} to access the variables.
Hope this helps.
Related
is it possible to sent thymeleaf code via attributeModel to View, to be treated like standard code?
I would like to load a piece of code(thymeleaf fragments) in different places only when it is needed.
But when I try this:
Spring Boot Controller:
model.addAttribute("fragment", "<th:block th:include=\"fragments/header :: body\"></th:block>");
View:
<div th:text="${fragment}"></div>
In WebBrowser as a TEXT I have:
<th:block th:include="fragments/header :: body"></th:block>
Can I force re-render? And how can I do that? But if it is not possible, what can I do in replace?
Every thing that th:text parse, set to innerHTML and not rerendered.
You can set parameter in your controller and then check in Thymeleaf if that set, then include or replace your fragment. like this:
Controller
model.addAttribute("isFragmentBodyShow", true);
View
<th:block th:if="${isFragmentBodyShow}" th:include="fragments/header :: body"></th:block>
You can also send fragment name from contoller to Thymeleaf and use it in th:include for dynamic template include.
I have a property file without Key and only content and I want to display the content of property file in jsp Page after escaping html tags. How to do this?
property file:
Here is an example of content, messages. <p>
<b>approach<b> <br>
Find out more about our website
</p>
How can I display this in jsp Page using spring? Any help?
message.properties is typically used for internationalization. Usually properties file in general is used for small value(s) and plain text.
For your case, I'd just create a separate jsp file and include it in your jsp.
<%# include file="aboutus.jsp" %>
When I use the below jstl code
<a href="http://mysite.com?id="<c:out value="${myid}"/>/><c:out value="${myid}"/></a>
the output is :
"1234"
The value 1234 corresponds to the variable value of myid but the url being generated is
"http://mysite.com?id=" so no value for myid is being generated as part of the href.
How can I amend the href so that entire href is displayed :
"http://mysite.com?id=1234"
instead of :
"http://mysite.com?id="
Ultimately, JSP/JSTL generates HTML. You're familiar with basic HTML, right?
Look closer at the generated HTML output by rightclick, View Source in browser. You'll see:
<a href="http://mysite.com?id="1234/>1234</a>
Is that valid HTML? No, you're closing the attribute value too soon with " at wrong place and you're closing the tag too soon with />. Look, the Stack Overflow HTML syntax highlighter also got confused. Instead, it should have been:
1234
Fix the HTML generator (i.e. the JSP/JSTL code) accordingly so that it generates the desired HTML:
<c:out value="${myid}"/>
Unrelated to the concrete problem, the <c:out> is only helpful in preventing XSS attack holes when redisplaying user-controlled input and actually the wrong tool to inline URL parameters. If you can guarantee that ${myid} is always a number (because it's a Long or Integer), you can even just leave it entirely out, making the code prettier to read:
${myid}
If the ${myid} is however not a guaranteed to be a number (because it's a String), then you should use <c:url> and <c:param> to properly URL-encode it:
<c:url value="http://mysite.com" var="myURL">
<c:param name="id" value="${myid}" />
</c:url>
<c:out value="${myid}" />
<c:url> tag is used to create an url. It is helpful in the case when cookies is turned off by the client, and you would be required to rewrite URLs that will be returned from a jsp page.
<c:param> tag may used as a subtag of to add the parameters in the returned URL. Using these parameters encodes the URL.
<c:url value="http://mysite.com" var="myURL">
<c:param name="id" value="${myid}" />
</c:url>
<a href="${myURL}" />${myURL}</a>
Read more from here.
How to set image path dynamically for following:
<img src="/Images/Model" + #item.ModelImagePath />
"/Images/Model" this path is fixed, rest of the path comes from [ModelImagePath] column of Model DBTable.
Please guide me how to set the path dynamically in View.
And is there any Html helper tag to display image available in MVC RZOR?
Note: i have similar type of problem as described in
How to use/pass hidden field value in ActionLink
<img src="#Url.Content(String.Format("~/Images/Model/{0}", item.ModelImagePath))"
If you have already saved the entire path into the table, follow it
<img src="#Url.Content(String.Format("{0}",item.ModelImagePath))"/>
or
<img src="#Url.Content(item.ModelImagePath)" style="width:100px;height:100px"/>
i used ci_csrf_token hidden field in my forms.but any form in my script get alert with Acunetix Web Vulnerability Scanner.
alert details :
Cookie input ci_csrf_token was set to " onmouseover=prompt(965267) bad="
The input is reflected inside a tag element between double quotes.
in view source:
<input type="hidden" name="ci_csrf_token" value="\\" onmouseover=prompt(965267) bad=\"" />
can anyone help me to solve it?
You need to html attribute encode the token before you put it into the hidden field. Do you add it to the form on the client side or the server side? If you do it on the server side, you may want to do input validation to make sure the token is on the expected format.