[
https://issues.apache.org/jira/browse/CLK-685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bob Schellink resolved CLK-685.
-------------------------------
Resolution: Fixed
done
> AbstractLink should only bind explicitly defined parameters for Ajax requests
> -----------------------------------------------------------------------------
>
> Key: CLK-685
> URL: https://issues.apache.org/jira/browse/CLK-685
> Project: Click
> Issue Type: Sub-task
> Components: core
> Affects Versions: 2.2.0
> Reporter: Bob Schellink
> Assignee: Bob Schellink
> Fix For: 2.3.0-M1
>
>
> AbstractLink binds all incoming request parameters to its own parameter map.
> This makes the link quite easy to use but has the potential to leak
> parameters which aren't targeted at the link. It also duplicates the
> parameters already present on the Context.
> The problem becomes obvious when using Ajax to invoke a link. Any extra
> parameters passed for the Ajax request will be added to the link parameter
> map.
> It is not common for applications to use link.getParameter and with the above
> mentioned issues I suggest we remove getParameter, getParameterValues and
> getParameters from AbstractLink. Click won't bind incoming request parameters
> to the link. However it will still be possible to set link parameters and
> render them.
> See
> http://click.1134972.n2.nabble.com/AbstractLink-request-parameter-leak-tp5139164p5139164.html
> for more details.
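An illustration of the binding behaviour the issue describes, added here as an example and not taken from Click's code: `LinkBindingDemo`, `bindAll`, `bindDefined`, `render` and the request parameters are hypothetical, with plain maps standing in for the request and the link's parameter map. It contrasts copying every request parameter with copying only the names the link defined, and assumes Java 10 or later.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Hypothetical stand-in for a link control; none of this is Click's API.
public class LinkBindingDemo {

    // Behaviour described in the issue: copy every request parameter.
    static Map<String, String[]> bindAll(Map<String, String[]> request) {
        return new LinkedHashMap<>(request);
    }

    // Allow-list binding: copy only the names the link itself defined.
    static Map<String, String[]> bindDefined(Map<String, String[]> request,
                                             Set<String> defined) {
        Map<String, String[]> bound = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : request.entrySet()) {
            if (defined.contains(e.getKey())) {
                bound.put(e.getKey(), e.getValue().clone());
            }
        }
        return bound;
    }

    // Render the bound parameters back into an href, URL-encoded.
    static String render(String path, Map<String, String[]> params) {
        StringBuilder sb = new StringBuilder(path);
        char sep = '?';
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            for (String v : e.getValue()) {
                sb.append(sep).append(URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8))
                  .append('=').append(URLEncoder.encode(v, StandardCharsets.UTF_8));
                sep = '&';
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed Ajax request: only "id" is meant for the link.
        Map<String, String[]> request = new LinkedHashMap<>();
        request.put("id", new String[] {"42"});
        request.put("searchText", new String[] {"alice smith"});
        request.put("_", new String[] {"1279000000000"});
        System.out.println(render("/customer.htm", bindAll(request)));
        System.out.println(render("/customer.htm", bindDefined(request, Set.of("id"))));
    }
}
```

With `bindAll`, the unrelated `searchText` and cache-buster values end up in the rendered link; with `bindDefined`, only `id` does.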