[
https://issues.apache.org/jira/browse/WICKET-6289?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15696063#comment-15696063
]
ASF GitHub Bot commented on WICKET-6289:
----------------------------------------
GitHub user duesenklipper opened a pull request:
https://github.com/apache/wicket/pull/196
WICKET-6289 fix autolinker so it does not generate an onclick attribute for img tags
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/duesenklipper/wicket wicket-8.x/WICKET-6289-autolinker-onclick-fix
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/wicket/pull/196.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #196
----
commit ba0f578f53b158ff375e7de6dd7097c7ff93ac79
Author: Carl-Eric Menzel <[email protected]>
Date: 2016-11-25T14:16:31Z
WICKET-6289 fix autolinker so it does not generate an onclick attribute for
img tags
----
> Autolinking adds onclick attribute to <img> tags
> ------------------------------------------------
>
> Key: WICKET-6289
> URL: https://issues.apache.org/jira/browse/WICKET-6289
> Project: Wicket
> Issue Type: Bug
> Affects Versions: 7.4.0, 8.0.0-M2, 6.25.0, 1.5.17
> Reporter: Carl-Eric Menzel
> Assignee: Carl-Eric Menzel
>
> When the autolinker can't find the target of a src or href attribute, it
> falls back to a default autocomponent that supposedly leaves the tag
> unchanged. Quoting AutolinkResolver:
> {code}
> if (autoComponent == null)
> {
>     // resolving didn't have the desired result or there was no delegate
>     // found; fallback on the default resolving which is a simple
>     // component that leaves the tag unchanged
>     autoComponent = new AutolinkExternalLink(componentId,
>         pathInfo.reference);
> }
> {code}
> ...except that AutolinkExternalLink is an ExternalLink which is an
> AbstractLink which does change the original tag. Namely, when applied to
> something that is not <a> it adds an onclick attribute. This leads to
> something like the following:
> {code}
> <img src="does-not-exist.png"
> onclick="window.location.href='does-not-exist.png';return false;"/>
> {code}
> ...which is clearly nonsensical. This can happen when the referenced image is
> not in the classpath - it could either be missing, or it could be in the
> webapp root somewhere, which can be the case for some legacy applications.
> (This is how I came across this.)
> A simple fix appears to be to use a plain WebMarkupContainer in place of this
> particular AutolinkExternalLink. All tests pass when I do that.
> This affects all versions from 1.5 on upward. I'll prepare a pull request.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
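
A check for rendered pages from an affected Wicket version, added here as an example and not part of the issue or the pull request: it flags `<img>` tags whose `onclick` has the navigation form quoted in the issue and points at the tag's own `src`. The function and class names are hypothetical, the regular expression is derived only from the single snippet in the issue, and the sample page is constructed.

```python
import re
from html.parser import HTMLParser

# Handler shape taken from the snippet in the issue:
#   window.location.href='<target>';return false;
NAV_ONCLICK = re.compile(
    r"^\s*window\.location\.href\s*=\s*'([^']*)'\s*;\s*return\s+false\s*;?\s*$"
)


class AutolinkOnclickFinder(HTMLParser):
    """Collects <img> tags whose onclick navigates to the tag's own src."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # list of (line number, src value)

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing tags (<img ... />) via the
        # default handle_startendtag implementation.
        if tag != "img":
            return
        attr = dict(attrs)
        # HTMLParser has already unescaped entities such as &#39; here.
        match = NAV_ONCLICK.match(attr.get("onclick") or "")
        if match and match.group(1) == attr.get("src"):
            line, _col = self.getpos()
            self.findings.append((line, attr["src"]))


def find_autolink_onclicks(html):
    """Return [(line, src), ...] for every <img> carrying the fallback onclick."""
    finder = AutolinkOnclickFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page; only the first <img> mirrors the issue's snippet.
SAMPLE = """<html><body>
<img src="does-not-exist.png" onclick="window.location.href='does-not-exist.png';return false;"/>
<img src="logo.png"/>
<img src="a.png" onclick="openViewer(this)"/>
<span onclick="window.location.href='x.html';return false;">x</span>
</body></html>"""

if __name__ == "__main__":
    for line, src in find_autolink_onclicks(SAMPLE):
        print(f"line {line}: <img src={src!r}> carries an autolinker onclick")
```

Each hit also marks an image reference the autolinker could not resolve on the classpath, which is the condition the issue describes.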