Patrick.Sy/spring-petclinic
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-petclinic.git synced 2025-05-28 22:29:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Ensure fragment for menu items is not itself rendered

Browse source 
Formerly there was a "ghost" menu item with no text and no icon
because Thymeleaf had not been instructed to remove the fragment
definition. This change tidies that up and also removes the use of
the "path" variable, which Thymeleaf populates from the current
request context, and poses a potential security threat as a
result (if users type malicious characters in the URL).
This commit is contained in:
Dave Syer 2020-06-13 14:56:10 +01:00
parent d173555056
commit 07b9d5aa45
1 changed files with 73 additions and 63 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

136
src/main/resources/templates/fragments/layout.html
View file

@ -1,88 +1,98 @@
<!doctype html> <!doctype html>
<html th:fragment="layout (template, menu)"> <html th:fragment="layout (template, menu)">
<head> <head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" type="image/x-icon" th:href="@{/resources/images/favicon.png}"> <link rel="shortcut icon" type="image/x-icon" th:href="@{/resources/images/favicon.png}">
<title>PetClinic :: a Spring Framework demonstration</title> <title>PetClinic :: a Spring Framework demonstration</title>
<!--[if lt IE 9]> <!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]--> <![endif]-->
<link rel="stylesheet" th:href="@{/resources/css/petclinic.css}"/> <link rel="stylesheet" th:href="@{/resources/css/petclinic.css}" />
</head> </head>
<body> <body>
<nav class="navbar navbar-default" role="navigation"> <nav class="navbar navbar-default" role="navigation">
<div class="container"> <div class="container">
<div class="navbar-header"> <div class="navbar-header">
<a class="navbar-brand" th:href="@{/}"><span></span></a> <a class="navbar-brand" th:href="@{/}"><span></span></a>
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#main-navbar"> <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#main-navbar">
<span class="sr-only"><os-p>Toggle navigation</os-p></span> <span class="sr-only">
<span class="icon-bar"></span> <os-p>Toggle navigation</os-p>
<span class="icon-bar"></span> </span>
<span class="icon-bar"></span> <span class="icon-bar"></span>
</button> <span class="icon-bar"></span>
</div> <span class="icon-bar"></span>
<div class="navbar-collapse collapse" id="main-navbar"> </button>
<ul class="nav navbar-nav navbar-right">
<li th:fragment="menuItem (path,active,title,glyph,text)" class="active" th:class="${active==menu ? 'active' : ''}">
<a th:href="@{__${path}__}" th:title="${title}">
<span th:class="'glyphicon glyphicon-'+${glyph}" class="glyphicon glyphicon-home" aria-hidden="true"></span>
<span th:text="${text}">Template</span>
</a>
</li>
<li th:replace="::menuItem ('/','home','home page','home','Home')">
<span class="glyphicon glyphicon-home" aria-hidden="true"></span>
<span>Home</span>
</li>
<li th:replace="::menuItem ('/owners/find','owners','find owners','search','Find owners')">
<span class="glyphicon glyphicon-search" aria-hidden="true"></span>
<span>Find owners</span>
</li>
<li th:replace="::menuItem ('/vets.html','vets','veterinarians','th-list','Veterinarians')">
<span class="glyphicon glyphicon-th-list" aria-hidden="true"></span>
<span>Veterinarians</span>
</li>
<li th:replace="::menuItem ('/oups','error','trigger a RuntimeException to see how it is handled','warning-sign','Error')">
<span class="glyphicon glyphicon-warning-sign" aria-hidden="true"></span>
<span>Error</span>
</li>
</ul>
</div>
</div> </div>
<div class="navbar-collapse collapse" id="main-navbar">
<ul class="nav navbar-nav navbar-right" th:remove="all">
<li th:fragment="menuItem (link,active,title,glyph,text)" class="active"
th:class="${active==menu ? 'active' : ''}">
<a th:href="@{__${link}__}" th:title="${title}">
<span th:class="'glyphicon glyphicon-'+${glyph}" class="glyphicon glyphicon-home"
aria-hidden="true"></span>
<span th:text="${text}">Template</span>
</a>
</li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li th:replace="::menuItem ('/','home','home page','home','Home')">
<span class="glyphicon glyphicon-home" aria-hidden="true"></span>
<span>Home</span>
</li>
<li th:replace="::menuItem ('/owners/find','owners','find owners','search','Find owners')">
<span class="glyphicon glyphicon-search" aria-hidden="true"></span>
<span>Find owners</span>
</li>
<li th:replace="::menuItem ('/vets.html','vets','veterinarians','th-list','Veterinarians')">
<span class="glyphicon glyphicon-th-list" aria-hidden="true"></span>
<span>Veterinarians</span>
</li>
<li
th:replace="::menuItem ('/oups','error','trigger a RuntimeException to see how it is handled','warning-sign','Error')">
<span class="glyphicon glyphicon-warning-sign" aria-hidden="true"></span>
<span>Error</span>
</li>
</ul>
</div>
</div>
</nav> </nav>
<div class="container-fluid"> <div class="container-fluid">
<div class="container xd-container"> <div class="container xd-container">
<th:block th:include="${template}"/>
<br/> <th:block th:include="${template}" />
<br/>
<div class="container"> <br />
<div class="row"> <br />
<div class="col-12 text-center"> <div class="container">
<img src="../static/resources/images/spring-pivotal-logo.png" th:src="@{/resources/images/spring-pivotal-logo.png}" <div class="row">
alt="Sponsored by Pivotal"/></div> <div class="col-12 text-center">
</div> <img src="../static/resources/images/spring-pivotal-logo.png"
th:src="@{/resources/images/spring-pivotal-logo.png}" alt="Sponsored by Pivotal" /></div>
</div> </div>
</div> </div>
</div>
</div> </div>
<script th:src="@{/webjars/jquery/jquery.min.js}"></script> <script th:src="@{/webjars/jquery/jquery.min.js}"></script>