Emond Papegaaij created WICKET-6731:
---------------------------------------
Summary: CSP: inline JS in SubmitLink
Key: WICKET-6731
URL: https://issues.apache.org/jira/browse/WICKET-6731
Project: Wicket
Issue Type: Bug
Components: wicket-core
Affects Versions: 9.0.0-M4
Reporter: Emond Papegaaij
{{org.apache.wicket.markup.html.form.SubmitLink}} uses inline JavaScript in two
places.
The href attribute is replaced with empty JS. This will cause a CSP violation.
A different solution needs to be found. Probably via a JS event handler that
calls {{event.preventDefault()}}.
{code:java}
tag.put("href", "javascript:;");
{code}
The trigger JavaScript is rendered as onclick. This needs to be an event
handler.
{code:java}
tag.put("onclick", getTriggerJavaScript());
{code}
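Added example, not part of the original report and not Wicket's own code: a small JavaScript check that flags the two constructs described above (a javascript: URL and an inline onclick attribute) in rendered markup, both of which a CSP without 'unsafe-inline' blocks. The sample markup, the submitForm placeholder and the href="#" replacement are constructed assumptions.

```javascript
// Attributes whose value is a URL the browser may navigate to or load.
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction']);

// Matches an opening tag; quoted attribute values may contain '>'.
const TAG_RE = /<([a-zA-Z][\w-]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
// Matches one attribute: name, then an optional quoted or unquoted value.
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>]+)))?/g;

// Returns the inline-script findings in an HTML fragment.
// Conservative: any attribute whose name starts with "on" is reported.
function findInlineScript(html) {
  const findings = [];
  for (const tag of html.matchAll(TAG_RE)) {
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      const name = attr[1].toLowerCase();
      const value = attr[2] ?? attr[3] ?? attr[4] ?? '';
      if (name.startsWith('on')) {
        findings.push({ tag: tag[1], attr: name, kind: 'inline-handler' });
      } else if (URL_ATTRS.has(name)) {
        // URL parsing drops tabs/newlines and leading control characters.
        const url = value.replace(/[\t\n\r]/g, '');
        if (/^[\x00-\x20]*javascript:/i.test(url)) {
          findings.push({ tag: tag[1], attr: name, kind: 'javascript-url' });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: the shape of markup the two tag.put(...) calls produce.
// The onclick body is a placeholder, not Wicket's real trigger script.
const BEFORE =
  '<a id="submit1" href="javascript:;" onclick="submitForm(\'form1\');return false;">Save</a>';

// Constructed sample (assumption): the same link with no inline script. A click
// listener registered from a policy-allowed script would call
// event.preventDefault() and then run the trigger.
const AFTER = '<a id="submit1" href="#">Save</a>';

console.log(findInlineScript(BEFORE));
console.log(findInlineScript(AFTER));
```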