[wicket] branch csp updated: WICKET-6737: Fixed many CSP violations

papegaaij Mon, 10 Feb 2020 13:20:41 -0800

This is an automated email from the ASF dual-hosted git repository.

papegaaij pushed a commit to branch csp
in repository https://gitbox.apache.org/repos/asf/wicket.git



The following commit(s) were added to refs/heads/csp by this push:
     new a70cf45  WICKET-6737: Fixed many CSP violations
a70cf45 is described below

commit a70cf45db8e4a9e882cc30b0caee34374bbbcd45
Author: Emond Papegaaij <[email protected]>
AuthorDate: Mon Feb 10 22:19:52 2020 +0100

    WICKET-6737: Fixed many CSP violations
---
 .../org/apache/wicket/examples/ajax/prototype/Index.html     |  1 -
 .../org/apache/wicket/examples/ajax/prototype/Index.java     |  9 +++++++++
 .../wicket/examples/ajax/prototype/PrototypeApplication.java |  1 -
 .../authentication3/MyAuthenticatedWebApplication.java       |  8 ++++++++
 .../org/apache/wicket/examples/breadcrumb/FirstPanel.html    |  4 ++--
 .../org/apache/wicket/examples/breadcrumb/FourthPanel.html   |  2 +-
 .../org/apache/wicket/examples/breadcrumb/ResultPanel.html   |  2 +-
 .../org/apache/wicket/examples/breadcrumb/SecondPanel.html   |  8 ++++----
 .../org/apache/wicket/examples/breadcrumb/ThirdPanel.html    |  2 +-
 .../examples/customresourceloading/CustomLoadedTemplate.html |  2 --
 .../CustomResourceLoadingApplication.java                    |  1 +
 .../examples/template/pageinheritance/TemplatePage.html      |  3 ---
 .../examples/template/pageinheritance/TemplatePage.java      |  9 +++++++++
 .../java/org/apache/wicket/examples/wizard/StaticWizard.java |  2 +-
 .../wicket/examples/wizard/StaticWizardWithPanels$Step1.html |  2 +-
 .../src/main/resources/org/apache/wicket/examples/style.css  | 12 +++++++++++-
 16 files changed, 49 insertions(+), 19 deletions(-)

diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/prototype/Index.html
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/prototype/Index.html
index 1e931bd..3b2521c 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/prototype/Index.html
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/prototype/Index.html
@@ -1,6 +1,5 @@
 <html xmlns:wicket="http://wicket.apache.org";>
 <wicket:head>
-       <script type="text/javascript" src="prototype.js"></script>
        <title>Wicket Examples - Prototype.js / component render</title>
 </wicket:head>
 <body>
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/prototype/Index.java
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/prototype/Index.java
index c62ce4b..06f7bea 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/prototype/Index.java
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/prototype/Index.java
@@ -20,6 +20,8 @@ import 
org.apache.wicket.core.request.handler.ComponentRenderingRequestHandler;
 import org.apache.wicket.core.request.handler.ListenerRequestHandler;
 import org.apache.wicket.core.request.handler.PageAndComponentProvider;
 import org.apache.wicket.examples.WicketExamplePage;
+import org.apache.wicket.markup.head.IHeaderResponse;
+import org.apache.wicket.markup.head.JavaScriptHeaderItem;
 import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.markup.html.link.Link;
 import org.apache.wicket.model.PropertyModel;
@@ -100,4 +102,11 @@ public class Index extends WicketExamplePage
        {
                return count;
        }
+
+       @Override
+       public void renderHead(IHeaderResponse response)
+       {
+               super.renderHead(response);
+               response.render(JavaScriptHeaderItem.forUrl("prototype.js"));
+       }
 }
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/prototype/PrototypeApplication.java
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/prototype/PrototypeApplication.java
index c0531b7..501f70d 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/prototype/PrototypeApplication.java
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/ajax/prototype/PrototypeApplication.java
@@ -18,7 +18,6 @@ package org.apache.wicket.examples.ajax.prototype;
 
 import org.apache.wicket.Page;
 import org.apache.wicket.examples.WicketExampleApplication;
-import org.apache.wicket.response.filter.AjaxServerAndClientTimeFilter;
 
 
 /**
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication3/MyAuthenticatedWebApplication.java
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication3/MyAuthenticatedWebApplication.java
index 0ab379b..089c88e 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/authentication3/MyAuthenticatedWebApplication.java
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/authentication3/MyAuthenticatedWebApplication.java
@@ -19,6 +19,7 @@ package org.apache.wicket.examples.authentication3;
 import org.apache.wicket.Page;
 import 
org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession;
 import org.apache.wicket.authroles.authentication.AuthenticatedWebApplication;
+import org.apache.wicket.csp.CSPDirective;
 import org.apache.wicket.markup.html.WebPage;
 
 
@@ -52,5 +53,12 @@ public class MyAuthenticatedWebApplication extends 
AuthenticatedWebApplication
        {
                super.init();
                getDebugSettings().setDevelopmentUtilitiesEnabled(true);
+
+               getCsp().blocking()
+                       .strict()
+                       .reportBack()
+                       .add(CSPDirective.STYLE_SRC,
+                               
"https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css";)
+                       .add(CSPDirective.FONT_SRC, 
"https://maxcdn.bootstrapcdn.com";);
        }
 }
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/FirstPanel.html
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/FirstPanel.html
index 6fb6c98..e54f3e6 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/FirstPanel.html
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/FirstPanel.html
@@ -1,5 +1,5 @@
 <wicket:panel xmlns:wicket="http://wicket.apache.org";>
-  <div style="border: thin solid black; margin 10px;">
+  <div class="breadcrumb-content">
 Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Curabitur tincidunt 
tincidunt nibh.
 Fusce sed sapien in ipsum nonummy fringilla. Nullam vulputate, purus ac 
elementum mattis, neque magna 
 ullamcorper odio, feugiat feugiat ligula sem ac dolor. Nulla eu pede in nisl 
bibendum dignissim. 
@@ -11,7 +11,7 @@ Quisque a elit et odio dapibus euismod. Aliquam et metus 
vitae est dignissim sol
 tellus et sollicitudin pulvinar, dolor quam rutrum elit, nec malesuada eros 
velit id quam. Sed dictum lectus ut ipsum.
   </div>
   
-  <div style="margin: 10px;">
+  <div class="breadcrumb-links">
    <a href="#" wicket:id="linkToSecond">go to the second panel</a>
   </div>
   
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/FourthPanel.html
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/FourthPanel.html
index faed45d..99ebfd7 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/FourthPanel.html
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/FourthPanel.html
@@ -1,5 +1,5 @@
 <wicket:panel xmlns:wicket="http://wicket.apache.org";>
-  <div style="border: thin solid black; margin 10px;">
+  <div class="breadcrumb-content">
 Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Curabitur lacinia 
pede. Maecenas egestas molestie dui. 
 Donec fringilla ullamcorper pede. Vivamus ultrices cursus elit. Nulla 
tristique mattis lectus. Suspendisse felis 
 neque, tristique vitae, congue non, interdum ut, nisl. Nam egestas purus ac 
sem. Maecenas vitae nisi. Nam 
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/ResultPanel.html
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/ResultPanel.html
index 186f1ed..2a4d5f1 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/ResultPanel.html
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/ResultPanel.html
@@ -1,6 +1,6 @@
 <wicket:panel xmlns:wicket="http://wicket.apache.org";>
 
-  <div style="border: thin solid black; margin 10px;">
+  <div class="breadcrumb-content">
 
        The input you provided in the other panel: '<strong><span 
wicket:id="result">result here</span></strong>'.
 
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/SecondPanel.html
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/SecondPanel.html
index d2a6eea..8a52ccf 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/SecondPanel.html
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/SecondPanel.html
@@ -1,5 +1,5 @@
 <wicket:panel xmlns:wicket="http://wicket.apache.org";>
-  <div style="border: thin solid black; margin 10px;">
+  <div class="breadcrumb-content">
 Donec consectetuer purus nec risus. Ut lobortis. Quisque ac arcu vel mi 
aliquam varius. 
 Aliquam erat volutpat. Sed augue. Pellentesque sapien justo, pellentesque at, 
hendrerit 
 nec, laoreet ac, sapien. Cras at risus. Suspendisse nulla mauris, vehicula 
nec, luctus non, 
@@ -11,7 +11,7 @@ Nunc accumsan, enim eu rutrum faucibus, massa leo luctus 
arcu, nonummy viverra e
 pede. Donec vel neque adipiscing nulla ultrices iaculis.
 </div>
   
-  <div style="margin: 10px;">
+  <div class="breadcrumb-links">
     <form wicket:id="form">
       input <input wicket:id="input" type="text" value="" />&#160;
       <input wicket:id="normalButton" type="submit" value="update" />
@@ -19,11 +19,11 @@ pede. Donec vel neque adipiscing nulla ultrices iaculis.
     </form>
   </div>
   
-  <div style="margin: 10px;">
+  <div class="breadcrumb-links">
    <a href="#" wicket:id="linkToThird">go to the third panel</a>
   </div>
 
-  <div style="margin: 10px;">
+  <div class="breadcrumb-links">
    <a href="#" wicket:id="linkToFourth">go to the fourth panel</a>
   </div>
   
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/ThirdPanel.html
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/ThirdPanel.html
index 55780c8..f2cde67 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/ThirdPanel.html
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/breadcrumb/ThirdPanel.html
@@ -1,5 +1,5 @@
 <wicket:panel xmlns:wicket="http://wicket.apache.org";>
-  <div style="border: thin solid black; margin 10px;">
+  <div class="breadcrumb-content">
 Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Duis sapien nisl, 
suscipit quis, suscipit id, 
 mollis sed, turpis. In a libero. Nunc blandit, sapien at aliquet venenatis, 
tellus pede rhoncus purus, 
 non ultrices tortor felis ac purus. Maecenas adipiscing. Ut id turpis. 
Vestibulum posuere convallis est. 
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/customresourceloading/CustomLoadedTemplate.html
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/customresourceloading/CustomLoadedTemplate.html
index 7d119c1..53cd399 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/customresourceloading/CustomLoadedTemplate.html
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/customresourceloading/CustomLoadedTemplate.html
@@ -11,8 +11,6 @@
 <link
     
href="https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css";
     rel="stylesheet" />
-
-<script src="//code.jquery.com/jquery-1.11.3.min.js"></script>
 </head>
 
 <body>
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/customresourceloading/CustomResourceLoadingApplication.java
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/customresourceloading/CustomResourceLoadingApplication.java
index 26aa1c1..65735e9 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/customresourceloading/CustomResourceLoadingApplication.java
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/customresourceloading/CustomResourceLoadingApplication.java
@@ -24,6 +24,7 @@ import org.apache.wicket.WicketRuntimeException;
 import org.apache.wicket.core.util.resource.UrlResourceStream;
 import org.apache.wicket.core.util.resource.locator.IResourceStreamLocator;
 import org.apache.wicket.core.util.resource.locator.ResourceStreamLocator;
+import org.apache.wicket.csp.CSPDirective;
 import org.apache.wicket.examples.WicketExampleApplication;
 import org.apache.wicket.util.resource.IResourceStream;
 import org.apache.wicket.util.string.Strings;
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/template/pageinheritance/TemplatePage.html
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/template/pageinheritance/TemplatePage.html
index d48bfa3..45eca6a 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/template/pageinheritance/TemplatePage.html
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/template/pageinheritance/TemplatePage.html
@@ -1,8 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <html xmlns="http://www.w3.org/1999/xhtml"; 
xmlns:wicket="http://wicket.apache.org";>
-<wicket:head>
-    <link rel="stylesheet" type="text/css" href="template/style.css"/>
-</wicket:head>
 <body>
     <wicket:extend>
         <h2 wicket:id="title"></h2>
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/template/pageinheritance/TemplatePage.java
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/template/pageinheritance/TemplatePage.java
index 83d6e61..b7f42d3 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/template/pageinheritance/TemplatePage.java
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/template/pageinheritance/TemplatePage.java
@@ -20,6 +20,8 @@ import org.apache.wicket.examples.WicketExamplePage;
 import org.apache.wicket.examples.template.Banner;
 import org.apache.wicket.examples.template.Banner1;
 import org.apache.wicket.examples.template.Banner2;
+import org.apache.wicket.markup.head.CssHeaderItem;
+import org.apache.wicket.markup.head.IHeaderResponse;
 import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.markup.html.link.BookmarkablePageLink;
 import org.apache.wicket.markup.html.link.Link;
@@ -85,4 +87,11 @@ public abstract class TemplatePage extends WicketExamplePage
        {
                pageTitle = title;
        }
+       
+       @Override
+       public void renderHead(IHeaderResponse response)
+       {
+               super.renderHead(response);
+               response.render(CssHeaderItem.forUrl("template/style.css"));
+       }
 }
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/wizard/StaticWizard.java
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/wizard/StaticWizard.java
index af9a86a..f4c6075 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/wizard/StaticWizard.java
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/wizard/StaticWizard.java
@@ -47,7 +47,7 @@ public class StaticWizard extends Wizard
                // create a model with the stupidest steps you can think of
                WizardModel model = new WizardModel();
                model.add(new StaticContentStep("One", "The first step",
-                       "The <span style=\"color:red\">first step</span> in the 
"
+                       "The <span class=\"color-red\">first step</span> in the 
"
                                + "<i>wonderful world</i> of 
<strong>wizards</strong>", true));
                model.add(new StaticContentStep("Two", "The second step", 
"Aren't we having fun?", true));
                model.add(new StaticContentStep("Three", "The third and last 
step",
diff --git 
a/wicket-examples/src/main/java/org/apache/wicket/examples/wizard/StaticWizardWithPanels$Step1.html
 
b/wicket-examples/src/main/java/org/apache/wicket/examples/wizard/StaticWizardWithPanels$Step1.html
index c76fc30..1929d18 100644
--- 
a/wicket-examples/src/main/java/org/apache/wicket/examples/wizard/StaticWizardWithPanels$Step1.html
+++ 
b/wicket-examples/src/main/java/org/apache/wicket/examples/wizard/StaticWizardWithPanels$Step1.html
@@ -1,3 +1,3 @@
 <wicket:panel xmlns:wicket="http://wicket.apache.org";>
-The <span style="color:red">first step</span> in the <i>wonderful world</i> of 
<strong>wizards</strong>
+The <span class="color-red">first step</span> in the <i>wonderful world</i> of 
<strong>wizards</strong>
 </wicket:panel>
\ No newline at end of file
diff --git 
a/wicket-examples/src/main/resources/org/apache/wicket/examples/style.css 
b/wicket-examples/src/main/resources/org/apache/wicket/examples/style.css
index e02eac0..2827e1a 100644
--- a/wicket-examples/src/main/resources/org/apache/wicket/examples/style.css
+++ b/wicket-examples/src/main/resources/org/apache/wicket/examples/style.css
@@ -1382,4 +1382,14 @@ div.wicket-aa ul li.selected {
 
 .download-veil span {
        line-height: 128px;
-}
\ No newline at end of file
+}
+
+.breadcrumb-content {
+       border: thin solid black;
+       margin: 10px;
+}
+
+.breadcrumb-links {
+       margin: 10px;
+}
+

[wicket] branch csp updated: WICKET-6737: Fixed many CSP violations

Reply via email to