[ https://issues.apache.org/jira/browse/WICKET-6321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16423679#comment-16423679 ]
ASF GitHub Bot commented on WICKET-6321: ---------------------------------------- Github user svenmeier commented on a diff in the pull request: https://github.com/apache/wicket/pull/273#discussion_r178753738 --- Diff: wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.java --- @@ -201,7 +202,13 @@ public static JavaScriptReferenceHeaderItem forReference(ResourceReference refer public static JavaScriptReferenceHeaderItem forReference(ResourceReference reference, PageParameters pageParameters, String id, boolean defer, String charset) { - return new JavaScriptReferenceHeaderItem(reference, pageParameters, id, defer, charset, null); + final JavaScriptReferenceHeaderItem javaScriptReferenceHeaderItem = new JavaScriptReferenceHeaderItem(reference, pageParameters, id, defer, charset, null); + if(reference instanceof IntegrityAttributed) { --- End diff -- Does a reference really need to be able to decide about integrity attributes? It can't change charset or defer either, why are integrity attributes treated differently? > Support Integrity and Crossorigin attributes for > JavaScriptUrlReferenceHeaderItem > ---------------------------------------------------------------------------------- > > Key: WICKET-6321 > URL: https://issues.apache.org/jira/browse/WICKET-6321 > Project: Wicket > Issue Type: Improvement > Components: wicket > Affects Versions: 8.0.0-M3 > Reporter: Mikhail Fursov > Priority: Major > Fix For: 8.0.0 > > Attachments: wicket-6321-20180306.diff, wicket-6321.diff > > > Example of secure script reference: > <script > src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.0.0-alpha.6/js/bootstrap.min.js" > integrity="sha256-+kIbbrvS+0dNOjhmQJzmwe/RILR/8lb/+4+PUNVW09k=" > crossorigin="anonymous"></script> -- This message was sent by Atlassian JIRA (v7.6.3#76005)