You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Sven Meier (Jira)" <ji...@apache.org> on 2019/09/27 06:26:00 UTC
[jira] [Assigned] (WICKET-6703) Eliminate window.eval from
wicket-ajax-jquery
[ https://issues.apache.org/jira/browse/WICKET-6703?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sven Meier reassigned WICKET-6703:
----------------------------------
Assignee: Sven Meier
> Eliminate window.eval from wicket-ajax-jquery
> ---------------------------------------------
>
> Key: WICKET-6703
> URL: https://issues.apache.org/jira/browse/WICKET-6703
> Project: Wicket
> Issue Type: Improvement
> Components: wicket-core
> Reporter: Andrew Kondratev
> Assignee: Sven Meier
> Priority: Major
>
> It's impossible to configure wicket with strict CSP Policy without unsafe-eval and keep using AJAX, because most of AJAX responses contain evaluations and header contributions which cause window.eval to be called.
> Window eval can be replaced with DOMEval with nonce approach. DOM eval is available in jQuery as globalEval.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)