Posted to commits@wicket.apache.org by "Emond Papegaaij (Jira)" <ji...@apache.org> on 2020/02/03 20:44:00 UTC
[jira] [Resolved] (WICKET-6732) CSP: inline JS in Link and ExternalLink
[ https://issues.apache.org/jira/browse/WICKET-6732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emond Papegaaij resolved WICKET-6732.
-------------------------------------
Fix Version/s: 9.0.0-M5
Assignee: Emond Papegaaij
Resolution: Fixed
> CSP: inline JS in Link and ExternalLink
> ---------------------------------------
>
> Key: WICKET-6732
> URL: https://issues.apache.org/jira/browse/WICKET-6732
> Project: Wicket
> Issue Type: Improvement
> Components: wicket-core
> Affects Versions: 9.0.0-M4
> Reporter: Emond Papegaaij
> Assignee: Emond Papegaaij
> Priority: Major
> Fix For: 9.0.0-M5
>
>
> {{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
> {code:java}
> tag.put("onclick", popupSettings.getPopupJavaScript());
> {code}
> {code:java}
> tag.put(
>     "onclick",
>     "var win = this.ownerDocument.defaultView || this.ownerDocument.parentWindow; " +
>     "if (win == window) { window.location.href='" +
>     url + "'; } ;return false");
> {code}
> {code:java}
> // If the subclass specified javascript, use that
> final CharSequence onClickJavaScript = getOnClickScript(url);
> if (onClickJavaScript != null)
> {
>     tag.put("onclick", onClickJavaScript);
> }
> {code}
> Similar code can be found in {{ExternalLink}}.
> Also take a look at {{AjaxFallbackLink}}. This class removes the onclick attribute from the {{Link}}, but that will not work if they are not added in the first place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
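
A CSP nonce does not cover inline event-handler attributes such as the `onclick` values quoted in the issue, so they only run when the policy allows 'unsafe-inline' (or 'unsafe-hashes'). The sketch below is an added illustration, not Wicket's code and not the change made for this issue: it strips `on*` attributes from rendered markup and rebinds the same code from a single nonce-carrying script, keeping the inline `return false` and `this` behaviour. The function name `externalizeHandlers`, the `csp-handler-N` id scheme, the nonce value and the sample markup are assumptions made for the example.

```javascript
// Added example, not Wicket code. Simplified parsing: assumes double-quoted
// attribute values that contain no '<' or '>', as in the constructed sample.
const HANDLER = /\s(on[a-z]+)="([^"]*)"/g;
const unescapeAttr = (s) => s.replace(/&quot;/g, '"').replace(/&#0?39;/g, "'")
  .replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&amp;/g, "&");

// Strips on* attributes from the markup and returns script text that binds the
// same code with addEventListener, to be emitted in one nonce-carrying <script>.
function externalizeHandlers(html, nonce) {
  const bindings = [];
  let generated = 0;
  const markup = html.replace(/<([a-zA-Z][\w-]*)(\s[^<>]*)?>/g, (tag, name, attrs = "") => {
    const found = [...attrs.matchAll(HANDLER)];
    if (found.length === 0) return tag;
    let rest = attrs.replace(HANDLER, "");
    const idAttr = rest.match(/\sid="([^"]*)"/);
    const id = idAttr ? idAttr[1] : `csp-handler-${generated++}`; // hypothetical id scheme
    if (!idAttr) rest = ` id="${id}"${rest}`;
    for (const [, attr, code] of found) {
      bindings.push({ id, event: attr.slice(2), code: unescapeAttr(code) });
    }
    return `<${name}${rest}>`;
  });
  // In an inline handler `return false` cancels the default action; in a
  // listener it does not, so the wrapper calls preventDefault() itself.
  // .call(this, event) keeps `this` bound to the element for the original code.
  const js = bindings.map(({ id, event, code }) =>
    `document.getElementById(${JSON.stringify(id)})` +
    `.addEventListener(${JSON.stringify(event)}, function (event) {\n` +
    `  var result = (function (event) {\n${code}\n}).call(this, event);\n` +
    `  if (result === false) event.preventDefault();\n` +
    `});`).join("\n").replace(/<\/(script)/gi, "<\\/$1"); // cannot close the block early
  return { markup, bindings, js, scriptTag: `<script nonce="${nonce}">\n${js}\n</script>` };
}

// Constructed sample shaped like the onclick values quoted in the issue.
const SAMPLE =
  `<a id="link1" href="#" onclick="var win = this.ownerDocument.defaultView || ` +
  `this.ownerDocument.parentWindow; if (win == window) { window.location.href='/page?2'; } ` +
  `;return false">Go</a><button onclick="track(&quot;popup&quot;)">Open</button>`;
const RESULT = externalizeHandlers(SAMPLE, "CONSTRUCTED-NONCE"); // real nonces are random per response
console.log(RESULT.markup);
console.log(RESULT.scriptTag);
```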