Re: wicket git commit: WICKET-6376: allow non-http(s) uris in ajax redirects

Tue, 30 May 2017 11:48:07 -0700 

Hi Emond,

I think it would be useful to have a new JS test for this.
Do you like to add it or I should help ?

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Tue, May 30, 2017 at 5:55 PM, <papega...@apache.org> wrote:

> Repository: wicket
> Updated Branches:
>   refs/heads/wicket-7.x 35aacc4ef -> 6963c723f
>
>
> WICKET-6376: allow non-http(s) uris in ajax redirects
>
>
> Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
> Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/6963c723
> Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/6963c723
> Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/6963c723
>
> Branch: refs/heads/wicket-7.x
> Commit: 6963c723f1efb55d7ffdc64d2ccd8ab16718ef19
> Parents: 35aacc4
> Author: Emond Papegaaij <papega...@apache.org>
> Authored: Tue May 30 17:54:56 2017 +0200
> Committer: Emond Papegaaij <papega...@apache.org>
> Committed: Tue May 30 17:55:32 2017 +0200
>
> ----------------------------------------------------------------------
>  .../java/org/apache/wicket/ajax/res/js/wicket-ajax-jquery.js    | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> ----------------------------------------------------------------------
>
>
> http://git-wip-us.apache.org/repos/asf/wicket/blob/
> 6963c723/wicket-core/src/main/java/org/apache/wicket/ajax/
> res/js/wicket-ajax-jquery.js
> ----------------------------------------------------------------------
> diff --git 
> a/wicket-core/src/main/java/org/apache/wicket/ajax/res/js/wicket-ajax-jquery.js
> b/wicket-core/src/main/java/org/apache/wicket/ajax/res/js/
> wicket-ajax-jquery.js
> index 0f25238..f0289fc 100644
> --- a/wicket-core/src/main/java/org/apache/wicket/ajax/res/js/
> wicket-ajax-jquery.js
> +++ b/wicket-core/src/main/java/org/apache/wicket/ajax/res/js/
> wicket-ajax-jquery.js
> @@ -780,11 +780,10 @@
>                                         // A file download popup will
> appear but the page in the browser won't change.
>                                         this.success(context);
>
> -                                       var rhttp  = /^http:\/\//,  //
> checks whether the string starts with http://
> -                                           rhttps = /^https:\/\//; //
> checks whether the string starts with https://
> +                                       var withScheme  =
> /^[a-z][a-z0-9+.-]*:\/\//;  // checks whether the string starts with a
> scheme
>
>                                         // support/check for non-relative
> redirectUrl like as provided and needed in a portlet context
> -                                       if (redirectUrl.charAt(0) === '/'
> || rhttp.test(redirectUrl) || rhttps.test(redirectUrl)) {
> +                                       if (redirectUrl.charAt(0) === '/'
> || withScheme.test(redirectUrl)) {
>                                                 context.isRedirecting =
> true;
>                                                 Wicket.Ajax.redirect(
> redirectUrl);
>                                         }
>
>

Reply via email to