[
https://issues.apache.org/jira/browse/WICKET-6321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16388208#comment-16388208
]
Dieter Tremel commented on WICKET-6321:
---------------------------------------
I have added a suggestion that should solve CSS and Javascript. See
wicket-6321-20180306.diff.
Created from my github fork of wicket, could create a pull request, but I am
not shure if it works and fits the philosophy.
I went for minimum change of the existing code base, hope its well done.
Short description: Built around the interface IntegrityAttributed, that is
marking and defines the getters for the two attributes. UrlResourceReference
implements it, use setters there to add crossorigin and integrity. No
Constructors for integrity there added so far. *ReferenceHeaderitems also hold
the attributes and copy them from the reference if needed, equals and hashcode
adjusted for them. Rendering in *Utils enabled for the attributes. Some Javadoc
added, but no Unit tests.
Wicket-core does build with it (also unit tests), but I did not test the
functionality so far, sorry for that, my test environment is not sufficient.
Just to start a discussion, will finish if you like it.
> Support Integrity and Crossorigin attributes for
> JavaScriptUrlReferenceHeaderItem
> ----------------------------------------------------------------------------------
>
> Key: WICKET-6321
> URL: https://issues.apache.org/jira/browse/WICKET-6321
> Project: Wicket
> Issue Type: Improvement
> Components: wicket
> Affects Versions: 8.0.0-M3
> Reporter: Mikhail Fursov
> Priority: Major
> Fix For: 8.0.0
>
> Attachments: wicket-6321-20180306.diff, wicket-6321.diff
>
>
> Example of secure script reference:
> <script
> src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.0.0-alpha.6/js/bootstrap.min.js";
> integrity="sha256-+kIbbrvS+0dNOjhmQJzmwe/RILR/8lb/+4+PUNVW09k="
> crossorigin="anonymous"></script>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
