Dieter Tremel commented on WICKET-6321:

I have added a suggestion that should solve CSS and Javascript. See 
 Created from my github fork of wicket, could create a pull request, but I am 
not shure if it works and fits the philosophy.
 I went for minimum change of the existing code base, hope its well done.

Short description: Built around the interface IntegrityAttributed, that is 
marking and defines the getters for the two attributes. UrlResourceReference 
implements it, use setters there to add crossorigin and integrity. No 
Constructors for integrity there added so far. *ReferenceHeaderitems also hold 
the attributes and copy them from the reference if needed, equals and hashcode 
adjusted for them. Rendering in *Utils enabled for the attributes. Some Javadoc 
added, but no Unit tests.

Wicket-core does build with it (also unit tests), but I did not test the 
functionality so far, sorry for that, my test environment is not sufficient. 
Just to start a discussion, will finish if you like it.

> Support Integrity and Crossorigin attributes for 
> JavaScriptUrlReferenceHeaderItem 
> ----------------------------------------------------------------------------------
>                 Key: WICKET-6321
>                 URL: https://issues.apache.org/jira/browse/WICKET-6321
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket
>    Affects Versions: 8.0.0-M3
>            Reporter: Mikhail Fursov
>            Priority: Major
>             Fix For: 8.0.0
>         Attachments: wicket-6321-20180306.diff, wicket-6321.diff
> Example of secure script reference:
> <script 
> src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.0.0-alpha.6/js/bootstrap.min.js";
>  integrity="sha256-+kIbbrvS+0dNOjhmQJzmwe/RILR/8lb/+4+PUNVW09k=" 
> crossorigin="anonymous"></script>

This message was sent by Atlassian JIRA

Reply via email to