You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Martin Grigorov (JIRA)" <ji...@apache.org> on 2019/07/17 20:05:00 UTC

[jira] [Commented] (WICKET-6688) Add alternative RPC response to substitute the append java script in ajax response

    [ https://issues.apache.org/jira/browse/WICKET-6688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16887390#comment-16887390 ] 

Martin Grigorov commented on WICKET-6688:
-----------------------------------------

I think there is no need to register the callbacks.
`target.appendJavaScript("doSomething()")` assumes that `doSomething` is a global function, i.e. `window.doSomething`. Even if it was namespaced, e.g. `My.Namespace.doSomething` then Wicket can again look it up by prepending `window.`: `window.My.Namespace.doSomething`. So the new implementation can just look it up and apply/call it: `window.My.Namespace.doSomething.apply(context, param1, param2)`

> Add alternative RPC response to substitute the append java script in ajax response
> ----------------------------------------------------------------------------------
>
>                 Key: WICKET-6688
>                 URL: https://issues.apache.org/jira/browse/WICKET-6688
>             Project: Wicket
>          Issue Type: Improvement
>            Reporter: Andrew Kondratev
>            Priority: Major
>
> Some kind of RPC could be added to eliminate 'unsafe-eval' in CSP headers.
> The idea is the following, instead of doing `target.appendJavaScript("doSomething()")` we could do something like this `target.appendRemoteCall("doSomething", "val1", "val2")`, the JS function could be rendered by the component/behavior as inline <script> (which can be nonced).
> I implemented a proof of concept, using existing wicket ajax java infrastructure
> https://github.com/andruhon/WicketFetch/blob/master/src/main/java/org/apache/wicket/fetch/example/HomePage.java
> https://github.com/andruhon/WicketFetch/blob/master/src/main/java/org/apache/wicket/fetch/OnChangeFetchAjaxBehavior.java
> https://github.com/andruhon/WicketFetch/blob/master/src/main/java/org/apache/wicket/fetch/js/OnChangeFetchAjaxBehavior.js
> * OnChangeFetchAjaxBehavior.java renders a function into the header as <script></script> element;
> * OnChangeFetchAjaxBehavior.java on ajax event appends javascript wich simply contains JSON;
> * OnChangeFetchAjaxBehavior.js strips `function(){}` and parses JSON, the function mentioned is located in registered callbacks array and called with parameters from the JSON;
> I think this approach could be added into existing infrastructure without creating something entirely new, and this new RPC could be used as a basement for something completely new.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)