[
https://issues.apache.org/jira/browse/WICKET-6321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16423679#comment-16423679
]
ASF GitHub Bot commented on WICKET-6321:
----------------------------------------
Github user svenmeier commented on a diff in the pull request:
https://github.com/apache/wicket/pull/273#discussion_r178753738
--- Diff:
wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.java
---
@@ -201,7 +202,13 @@ public static JavaScriptReferenceHeaderItem
forReference(ResourceReference refer
public static JavaScriptReferenceHeaderItem
forReference(ResourceReference reference,
PageParameters pageParameters, String id, boolean defer, String
charset)
{
- return new JavaScriptReferenceHeaderItem(reference,
pageParameters, id, defer, charset, null);
+ final JavaScriptReferenceHeaderItem
javaScriptReferenceHeaderItem = new JavaScriptReferenceHeaderItem(reference,
pageParameters, id, defer, charset, null);
+ if(reference instanceof IntegrityAttributed) {
--- End diff --
Does a reference really need to be able to decide about integrity
attributes? It can't change charset or defer either, why are integrity
attributes treated differently?
> Support Integrity and Crossorigin attributes for
> JavaScriptUrlReferenceHeaderItem
> ----------------------------------------------------------------------------------
>
> Key: WICKET-6321
> URL: https://issues.apache.org/jira/browse/WICKET-6321
> Project: Wicket
> Issue Type: Improvement
> Components: wicket
> Affects Versions: 8.0.0-M3
> Reporter: Mikhail Fursov
> Priority: Major
> Fix For: 8.0.0
>
> Attachments: wicket-6321-20180306.diff, wicket-6321.diff
>
>
> Example of secure script reference:
> <script
> src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.0.0-alpha.6/js/bootstrap.min.js";
> integrity="sha256-+kIbbrvS+0dNOjhmQJzmwe/RILR/8lb/+4+PUNVW09k="
> crossorigin="anonymous"></script>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
