private static ComputedOGNLExpression obtainComputedOGNLExpression( final IEngineConfiguration configuration, final IStandardVariableExpression expression, final String exp, final boolean applyOGNLShortcuts) throws OgnlException { if (expression instanceof VariableExpression) { final VariableExpression vexpression = (VariableExpression) expression; Object cachedExpression = vexpression.getCachedExpression(); if (cachedExpression != null && cachedExpression instanceof ComputedOGNLExpression) { return (ComputedOGNLExpression) cachedExpression; } cachedExpression = parseComputedOGNLExpression(configuration, exp, applyOGNLShortcuts); if (cachedExpression != null) { vexpression.setCachedExpression(cachedExpression); } return (ComputedOGNLExpression) cachedExpression; } if (expression instanceof SelectionVariableExpression) { final SelectionVariableExpression vexpression = (SelectionVariableExpression) expression; Object cachedExpression = vexpression.getCachedExpression(); if (cachedExpression != null && cachedExpression instanceof ComputedOGNLExpression) { return (ComputedOGNLExpression) cachedExpression; } cachedExpression = parseComputedOGNLExpression(configuration, exp, applyOGNLShortcuts); if (cachedExpression != null) { vexpression.setCachedExpression(cachedExpression); } return (ComputedOGNLExpression) cachedExpression; } return parseComputedOGNLExpression(configuration, exp, applyOGNLShortcuts); }
static SelectionVariableExpression parseSelectionVariableExpression(final String input) { final Matcher matcher = SELECTION_VAR_PATTERN.matcher(input); if (!matcher.matches()) { return null; } final String expression = matcher.group(1); final int expressionLen = expression.length(); if (expressionLen > 2 && expression.charAt(0) == SimpleExpression.EXPRESSION_START_CHAR && expression.charAt(expressionLen - 1) == SimpleExpression.EXPRESSION_END_CHAR) { // Double brackets = enable to-String conversion return new SelectionVariableExpression(expression.substring(1, expressionLen - 1), true); } return new SelectionVariableExpression(expression, false); }
static Object executeSelectionVariableExpression( final IExpressionContext context, final SelectionVariableExpression expression, final IStandardVariableExpressionEvaluator expressionEvaluator, final StandardExpressionExecutionContext expContext) { if (logger.isTraceEnabled()) { logger.trace("[THYMELEAF][{}] Evaluating selection variable expression: \"{}\"", TemplateEngine.threadIndex(), expression.getStringRepresentation()); } final StandardExpressionExecutionContext evalExpContext = (expression.getConvertToString()? expContext.withTypeConversion() : expContext.withoutTypeConversion()); final Object result = expressionEvaluator.evaluate(context, expression, evalExpContext); if (!expContext.getForbidUnsafeExpressionResults()) { return result; } // We are only allowing results of type Number and Boolean, and cosidering the rest of data types "unsafe", // as they could be rendered into a non-trustable String. This is mainly useful for helping prevent code // injection in th:on* event handlers. if (result == null || result instanceof Number || result instanceof Boolean) { return result; } throw new TemplateProcessingException( "Only variable expressions returning numbers or booleans are allowed in this context, any other data" + "types are not trusted in the context of this expression, including Strings or any other " + "object that could be rendered as a text literal. A typical case is HTML attributes for event handlers (e.g. " + "\"onload\"), in which textual data from variables should better be output to \"data-*\" attributes and then " + "read from the event handler."); }
public static IThymeleafBindStatus getBindStatus( final IExpressionContext context, final boolean optional, final String expression) { Validate.notNull(expression, "Expression cannot be null"); if (GLOBAL_EXPRESSION.equals(expression) || ALL_EXPRESSION.equals(expression) || ALL_FIELDS.equals(expression)) { // If "global", "all" or "*" are used without prefix, they must be inside a form, so we add *{...} final String completeExpression = "*{" + expression + "}"; return getBindStatus(context, optional, completeExpression); } final IStandardExpressionParser expressionParser = StandardExpressions.getExpressionParser(context.getConfiguration()); final IStandardExpression expressionObj = expressionParser.parseExpression(context, expression); if (expressionObj == null) { throw new TemplateProcessingException( "Expression \"" + expression + "\" is not valid: cannot perform Spring bind"); } if (expressionObj instanceof SelectionVariableExpression) { final String bindExpression = ((SelectionVariableExpression)expressionObj).getExpression(); return getBindStatusFromParsedExpression(context, optional, true, bindExpression); } if (expressionObj instanceof VariableExpression) { final String bindExpression = ((VariableExpression)expressionObj).getExpression(); return getBindStatusFromParsedExpression(context, optional, false, bindExpression); } throw new TemplateProcessingException( "Expression \"" + expression + "\" is not valid: only variable expressions ${...} or " + "selection expressions *{...} are allowed in Spring field bindings"); }
static Object executeSelectionVariable(final Configuration configuration, final IProcessingContext processingContext, final SelectionVariableExpression expression, final IStandardVariableExpressionEvaluator expressionEvaluator, final StandardExpressionExecutionContext expContext) { if (logger.isTraceEnabled()) { logger.trace("[THYMELEAF][{}] Evaluating selection variable expression: \"{}\"", TemplateEngine.threadIndex(), expression.getStringRepresentation()); } final String exp = expression.getExpression(); if (exp == null) { throw new TemplateProcessingException( "Variable expression is null, which is not allowed"); } final StandardExpressionExecutionContext evalExpContext = (expression.getConvertToString()? expContext.withTypeConversion() : expContext.withoutTypeConversion()); return expressionEvaluator.evaluate(configuration, processingContext, exp, evalExpContext, true); }
private static void invalidateComputedOGNLExpression( final IEngineConfiguration configuration, final IStandardVariableExpression expression, final String exp) { if (expression instanceof VariableExpression) { final VariableExpression vexpression = (VariableExpression) expression; vexpression.setCachedExpression(null); } else if (expression instanceof SelectionVariableExpression) { final SelectionVariableExpression vexpression = (SelectionVariableExpression) expression; vexpression.setCachedExpression(null); } ExpressionCache.removeFromCache(configuration, exp, EXPRESSION_CACHE_TYPE_OGNL); }
return SelectionVariableExpression.executeSelectionVariable(configuration, processingContext, (SelectionVariableExpression)expression, expressionEvaluator, expContext);
public static BindStatus getBindStatus( final IExpressionContext context, final boolean optional, final String expression) { Validate.notNull(expression, "Expression cannot be null"); if (GLOBAL_EXPRESSION.equals(expression) || ALL_EXPRESSION.equals(expression) || ALL_FIELDS.equals(expression)) { // If "global", "all" or "*" are used without prefix, they must be inside a form, so we add *{...} final String completeExpression = "*{" + expression + "}"; return getBindStatus(context, optional, completeExpression); } final IStandardExpressionParser expressionParser = StandardExpressions.getExpressionParser(context.getConfiguration()); final IStandardExpression expressionObj = expressionParser.parseExpression(context, expression); if (expressionObj == null) { throw new TemplateProcessingException( "Expression \"" + expression + "\" is not valid: cannot perform Spring bind"); } if (expressionObj instanceof SelectionVariableExpression) { final String bindExpression = ((SelectionVariableExpression)expressionObj).getExpression(); return getBindStatusFromParsedExpression(context, optional, true, bindExpression); } if (expressionObj instanceof VariableExpression) { final String bindExpression = ((VariableExpression)expressionObj).getExpression(); return getBindStatusFromParsedExpression(context, optional, false, bindExpression); } throw new TemplateProcessingException( "Expression \"" + expression + "\" is not valid: only variable expressions ${...} or " + "selection expressions *{...} are allowed in Spring field bindings"); }
private static ComputedSpelExpression obtainComputedSpelExpression( final IEngineConfiguration configuration, final IStandardVariableExpression expression, final String spelExpression) { if (expression instanceof VariableExpression) { final VariableExpression vexpression = (VariableExpression) expression; Object cachedExpression = vexpression.getCachedExpression(); if (cachedExpression != null && cachedExpression instanceof ComputedSpelExpression) { return (ComputedSpelExpression) cachedExpression; } cachedExpression = getExpression(configuration, spelExpression); if (cachedExpression != null) { vexpression.setCachedExpression(cachedExpression); } return (ComputedSpelExpression) cachedExpression; } if (expression instanceof SelectionVariableExpression) { final SelectionVariableExpression vexpression = (SelectionVariableExpression) expression; Object cachedExpression = vexpression.getCachedExpression(); if (cachedExpression != null && cachedExpression instanceof ComputedSpelExpression) { return (ComputedSpelExpression) cachedExpression; } cachedExpression = getExpression(configuration, spelExpression); if (cachedExpression != null) { vexpression.setCachedExpression(cachedExpression); } return (ComputedSpelExpression) cachedExpression; } return getExpression(configuration, spelExpression); }
public static BindStatus getBindStatus( final IExpressionContext context, final boolean optional, final String expression) { Validate.notNull(expression, "Expression cannot be null"); if (GLOBAL_EXPRESSION.equals(expression) || ALL_EXPRESSION.equals(expression) || ALL_FIELDS.equals(expression)) { // If "global", "all" or "*" are used without prefix, they must be inside a form, so we add *{...} final String completeExpression = "*{" + expression + "}"; return getBindStatus(context, optional, completeExpression); } final IStandardExpressionParser expressionParser = StandardExpressions.getExpressionParser(context.getConfiguration()); final IStandardExpression expressionObj = expressionParser.parseExpression(context, expression); if (expressionObj == null) { throw new TemplateProcessingException( "Expression \"" + expression + "\" is not valid: cannot perform Spring bind"); } if (expressionObj instanceof SelectionVariableExpression) { final String bindExpression = ((SelectionVariableExpression)expressionObj).getExpression(); return getBindStatusFromParsedExpression(context, optional, true, bindExpression); } if (expressionObj instanceof VariableExpression) { final String bindExpression = ((VariableExpression)expressionObj).getExpression(); return getBindStatusFromParsedExpression(context, optional, false, bindExpression); } throw new TemplateProcessingException( "Expression \"" + expression + "\" is not valid: only variable expressions ${...} or " + "selection expressions *{...} are allowed in Spring field bindings"); }
static SelectionVariableExpression parseSelectionVariable(final String input) { final Matcher matcher = SELECTION_VAR_PATTERN.matcher(input); if (!matcher.matches()) { return null; } final String expression = matcher.group(1); final int expressionLen = expression.length(); if (expressionLen > 2 && expression.charAt(0) == SimpleExpression.EXPRESSION_START_CHAR && expression.charAt(expressionLen - 1) == SimpleExpression.EXPRESSION_END_CHAR) { // Double brackets = enable to-String conversion return new SelectionVariableExpression(expression.substring(1, expressionLen - 1), true); } return new SelectionVariableExpression(expression, false); }
private static ComputedSpelExpression obtainComputedSpelExpression( final IEngineConfiguration configuration, final IStandardVariableExpression expression, final String spelExpression) { if (expression instanceof VariableExpression) { final VariableExpression vexpression = (VariableExpression) expression; Object cachedExpression = vexpression.getCachedExpression(); if (cachedExpression != null && cachedExpression instanceof ComputedSpelExpression) { return (ComputedSpelExpression) cachedExpression; } cachedExpression = getExpression(configuration, spelExpression); if (cachedExpression != null) { vexpression.setCachedExpression(cachedExpression); } return (ComputedSpelExpression) cachedExpression; } if (expression instanceof SelectionVariableExpression) { final SelectionVariableExpression vexpression = (SelectionVariableExpression) expression; Object cachedExpression = vexpression.getCachedExpression(); if (cachedExpression != null && cachedExpression instanceof ComputedSpelExpression) { return (ComputedSpelExpression) cachedExpression; } cachedExpression = getExpression(configuration, spelExpression); if (cachedExpression != null) { vexpression.setCachedExpression(cachedExpression); } return (ComputedSpelExpression) cachedExpression; } return getExpression(configuration, spelExpression); }
public static BindStatus getBindStatus( final IExpressionContext context, final boolean optional, final String expression) { Validate.notNull(expression, "Expression cannot be null"); if (GLOBAL_EXPRESSION.equals(expression) || ALL_EXPRESSION.equals(expression) || ALL_FIELDS.equals(expression)) { // If "global", "all" or "*" are used without prefix, they must be inside a form, so we add *{...} final String completeExpression = "*{" + expression + "}"; return getBindStatus(context, optional, completeExpression); } final IStandardExpressionParser expressionParser = StandardExpressions.getExpressionParser(context.getConfiguration()); final IStandardExpression expressionObj = expressionParser.parseExpression(context, expression); if (expressionObj == null) { throw new TemplateProcessingException( "Expression \"" + expression + "\" is not valid: cannot perform Spring bind"); } if (expressionObj instanceof SelectionVariableExpression) { final String bindExpression = ((SelectionVariableExpression)expressionObj).getExpression(); return getBindStatusFromParsedExpression(context, optional, true, bindExpression); } if (expressionObj instanceof VariableExpression) { final String bindExpression = ((VariableExpression)expressionObj).getExpression(); return getBindStatusFromParsedExpression(context, optional, false, bindExpression); } throw new TemplateProcessingException( "Expression \"" + expression + "\" is not valid: only variable expressions ${...} or " + "selection expressions *{...} are allowed in Spring field bindings"); }
private static ComputedSpelExpression obtainComputedSpelExpression( final IEngineConfiguration configuration, final IStandardVariableExpression expression, final String spelExpression) { if (expression instanceof VariableExpression) { final VariableExpression vexpression = (VariableExpression) expression; Object cachedExpression = vexpression.getCachedExpression(); if (cachedExpression != null && cachedExpression instanceof ComputedSpelExpression) { return (ComputedSpelExpression) cachedExpression; } cachedExpression = getExpression(configuration, spelExpression); if (cachedExpression != null) { vexpression.setCachedExpression(cachedExpression); } return (ComputedSpelExpression) cachedExpression; } if (expression instanceof SelectionVariableExpression) { final SelectionVariableExpression vexpression = (SelectionVariableExpression) expression; Object cachedExpression = vexpression.getCachedExpression(); if (cachedExpression != null && cachedExpression instanceof ComputedSpelExpression) { return (ComputedSpelExpression) cachedExpression; } cachedExpression = getExpression(configuration, spelExpression); if (cachedExpression != null) { vexpression.setCachedExpression(cachedExpression); } return (ComputedSpelExpression) cachedExpression; } return getExpression(configuration, spelExpression); }
public static BindStatus getBindStatus( final IExpressionContext context, final boolean optional, final String expression) { Validate.notNull(expression, "Expression cannot be null"); if (GLOBAL_EXPRESSION.equals(expression) || ALL_EXPRESSION.equals(expression) || ALL_FIELDS.equals(expression)) { // If "global", "all" or "*" are used without prefix, they must be inside a form, so we add *{...} final String completeExpression = "*{" + expression + "}"; return getBindStatus(context, optional, completeExpression); } final IStandardExpressionParser expressionParser = StandardExpressions.getExpressionParser(context.getConfiguration()); final IStandardExpression expressionObj = expressionParser.parseExpression(context, expression); if (expressionObj == null) { throw new TemplateProcessingException( "Expression \"" + expression + "\" is not valid: cannot perform Spring bind"); } if (expressionObj instanceof SelectionVariableExpression) { final String bindExpression = ((SelectionVariableExpression)expressionObj).getExpression(); return getBindStatusFromParsedExpression(context, optional, true, bindExpression); } if (expressionObj instanceof VariableExpression) { final String bindExpression = ((VariableExpression)expressionObj).getExpression(); return getBindStatusFromParsedExpression(context, optional, false, bindExpression); } throw new TemplateProcessingException( "Expression \"" + expression + "\" is not valid: only variable expressions ${...} or " + "selection expressions *{...} are allowed in Spring field bindings"); }
private static ComputedSpelExpression obtainComputedSpelExpression( final IEngineConfiguration configuration, final IStandardVariableExpression expression, final String spelExpression) { if (expression instanceof VariableExpression) { final VariableExpression vexpression = (VariableExpression) expression; Object cachedExpression = vexpression.getCachedExpression(); if (cachedExpression != null && cachedExpression instanceof ComputedSpelExpression) { return (ComputedSpelExpression) cachedExpression; } cachedExpression = getExpression(configuration, spelExpression); if (cachedExpression != null) { vexpression.setCachedExpression(cachedExpression); } return (ComputedSpelExpression) cachedExpression; } if (expression instanceof SelectionVariableExpression) { final SelectionVariableExpression vexpression = (SelectionVariableExpression) expression; Object cachedExpression = vexpression.getCachedExpression(); if (cachedExpression != null && cachedExpression instanceof ComputedSpelExpression) { return (ComputedSpelExpression) cachedExpression; } cachedExpression = getExpression(configuration, spelExpression); if (cachedExpression != null) { vexpression.setCachedExpression(cachedExpression); } return (ComputedSpelExpression) cachedExpression; } return getExpression(configuration, spelExpression); }
private static ComputedSpelExpression obtainComputedSpelExpression( final IEngineConfiguration configuration, final IStandardVariableExpression expression, final String spelExpression) { if (expression instanceof VariableExpression) { final VariableExpression vexpression = (VariableExpression) expression; Object cachedExpression = vexpression.getCachedExpression(); if (cachedExpression != null && cachedExpression instanceof ComputedSpelExpression) { return (ComputedSpelExpression) cachedExpression; } cachedExpression = getExpression(configuration, spelExpression); if (cachedExpression != null) { vexpression.setCachedExpression(cachedExpression); } return (ComputedSpelExpression) cachedExpression; } if (expression instanceof SelectionVariableExpression) { final SelectionVariableExpression vexpression = (SelectionVariableExpression) expression; Object cachedExpression = vexpression.getCachedExpression(); if (cachedExpression != null && cachedExpression instanceof ComputedSpelExpression) { return (ComputedSpelExpression) cachedExpression; } cachedExpression = getExpression(configuration, spelExpression); if (cachedExpression != null) { vexpression.setCachedExpression(cachedExpression); } return (ComputedSpelExpression) cachedExpression; } return getExpression(configuration, spelExpression); }