You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Emond Papegaaij (Jira)" <ji...@apache.org> on 2020/01/17 09:48:00 UTC

[jira] [Created] (WICKET-6732) CSP: inline JS in Link

Emond Papegaaij created WICKET-6732:
---------------------------------------

             Summary: CSP: inline JS in Link
                 Key: WICKET-6732
                 URL: https://issues.apache.org/jira/browse/WICKET-6732
             Project: Wicket
          Issue Type: Bug
          Components: wicket-core
    Affects Versions: 9.0.0-M4
            Reporter: Emond Papegaaij


{{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
{code:java}
tag.put("onclick", popupSettings.getPopupJavaScript());
{code}

{code:java}
tag.put(
	"onclick",
	"var win = this.ownerDocument.defaultView || this.ownerDocument.parentWindow; " +
		"if (win == window) { window.location.href='" +
		url + "'; } ;return false");
{code}

{code:java}
// If the subclass specified javascript, use that
final CharSequence onClickJavaScript = getOnClickScript(url);
if (onClickJavaScript != null)
{
	tag.put("onclick", onClickJavaScript);
}
{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)