You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Emond Papegaaij (Jira)" <ji...@apache.org> on 2020/01/17 09:48:00 UTC
[jira] [Created] (WICKET-6732) CSP: inline JS in Link
Emond Papegaaij created WICKET-6732:
---------------------------------------
Summary: CSP: inline JS in Link
Key: WICKET-6732
URL: https://issues.apache.org/jira/browse/WICKET-6732
Project: Wicket
Issue Type: Bug
Components: wicket-core
Affects Versions: 9.0.0-M4
Reporter: Emond Papegaaij
{{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
{code:java}
tag.put("onclick", popupSettings.getPopupJavaScript());
{code}
{code:java}
tag.put(
"onclick",
"var win = this.ownerDocument.defaultView || this.ownerDocument.parentWindow; " +
"if (win == window) { window.location.href='" +
url + "'; } ;return false");
{code}
{code:java}
// If the subclass specified javascript, use that
final CharSequence onClickJavaScript = getOnClickScript(url);
if (onClickJavaScript != null)
{
tag.put("onclick", onClickJavaScript);
}
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)