[
https://issues.apache.org/jira/browse/WICKET-6724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17015893#comment-17015893
]
Emond Papegaaij commented on WICKET-6724:
-----------------------------------------
That's why you need to set preventDefault. That should stop the browser from
following the href on click. Actually, when prevent default is set, we do not
need to clear href, but I think it is cleaner to do so anyway.
> CSP: Inline Javascript in AjaxLink
> ----------------------------------
>
> Key: WICKET-6724
> URL: https://issues.apache.org/jira/browse/WICKET-6724
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
> Reporter: Emond Papegaaij
> Priority: Major
>
> org.apache.wicket.ajax.markup.html.*AjaxLink*#onComponentTag : should rather
> completely remove the href, potentially some css class like
> `wicket-ajax-link` could be added
> {code:java}
> if (tagName.equalsIgnoreCase("a") || tagName.equalsIgnoreCase("link") ||
> tagName.equalsIgnoreCase("area"))
> {
> // disable any href attr in markup
> tag.put("href", "javascript:;");
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
