[jira] [Updated] (WICKET-6732) CSP: inline JS in Link and ExternalLink
[
https://issues.apache.org/jira/browse/WICKET-6732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emond Papegaaij updated WICKET-6732:
Description:
{{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
{code:java}
tag.put("onclick", popupSettings.getPopupJavaScript());
{code}
{code:java}
tag.put(
"onclick",
"var win = this.ownerDocument.defaultView ||
this.ownerDocument.parentWindow; " +
"if (win == window) { window.location.href='" +
url + "'; } ;return false");
{code}
{code:java}
// If the subclass specified javascript, use that
final CharSequence onClickJavaScript = getOnClickScript(url);
if (onClickJavaScript != null)
{
tag.put("onclick", onClickJavaScript);
}
{code}
Similar code can be found in {{ExternalLink}}.
Also take a look at {{AjaxFallbackLink}}. This class removes the onclick
attribute from the {{Link}}, but that will not work if they are not added in
the first place.
was:
{{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
{code:java}
tag.put("onclick", popupSettings.getPopupJavaScript());
{code}
{code:java}
tag.put(
"onclick",
"var win = this.ownerDocument.defaultView ||
this.ownerDocument.parentWindow; " +
"if (win == window) { window.location.href='" +
url + "'; } ;return false");
{code}
{code:java}
// If the subclass specified javascript, use that
final CharSequence onClickJavaScript = getOnClickScript(url);
if (onClickJavaScript != null)
{
tag.put("onclick", onClickJavaScript);
}
{code}
Similar code can be found in {{ExternalLink}}
> CSP: inline JS in Link and ExternalLink
> ---
>
> Key: WICKET-6732
> URL: https://issues.apache.org/jira/browse/WICKET-6732
> Project: Wicket
> Issue Type: Improvement
> Components: wicket-core
>Affects Versions: 9.0.0-M4
>Reporter: Emond Papegaaij
>Priority: Major
>
> {{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
> {code:java}
> tag.put("onclick", popupSettings.getPopupJavaScript());
> {code}
> {code:java}
> tag.put(
> "onclick",
> "var win = this.ownerDocument.defaultView ||
> this.ownerDocument.parentWindow; " +
> "if (win == window) { window.location.href='" +
> url + "'; } ;return false");
> {code}
> {code:java}
> // If the subclass specified javascript, use that
> final CharSequence onClickJavaScript = getOnClickScript(url);
> if (onClickJavaScript != null)
> {
> tag.put("onclick", onClickJavaScript);
> }
> {code}
> Similar code can be found in {{ExternalLink}}.
> Also take a look at {{AjaxFallbackLink}}. This class removes the onclick
> attribute from the {{Link}}, but that will not work if they are not added in
> the first place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (WICKET-6732) CSP: inline JS in Link and ExternalLink
[
https://issues.apache.org/jira/browse/WICKET-6732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emond Papegaaij updated WICKET-6732:
Description:
{{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
{code:java}
tag.put("onclick", popupSettings.getPopupJavaScript());
{code}
{code:java}
tag.put(
"onclick",
"var win = this.ownerDocument.defaultView ||
this.ownerDocument.parentWindow; " +
"if (win == window) { window.location.href='" +
url + "'; } ;return false");
{code}
{code:java}
// If the subclass specified javascript, use that
final CharSequence onClickJavaScript = getOnClickScript(url);
if (onClickJavaScript != null)
{
tag.put("onclick", onClickJavaScript);
}
{code}
Similar code can be found in {{ExternalLink}}
was:
{{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
{code:java}
tag.put("onclick", popupSettings.getPopupJavaScript());
{code}
{code:java}
tag.put(
"onclick",
"var win = this.ownerDocument.defaultView ||
this.ownerDocument.parentWindow; " +
"if (win == window) { window.location.href='" +
url + "'; } ;return false");
{code}
{code:java}
// If the subclass specified javascript, use that
final CharSequence onClickJavaScript = getOnClickScript(url);
if (onClickJavaScript != null)
{
tag.put("onclick", onClickJavaScript);
}
{code}
> CSP: inline JS in Link and ExternalLink
> ---
>
> Key: WICKET-6732
> URL: https://issues.apache.org/jira/browse/WICKET-6732
> Project: Wicket
> Issue Type: Improvement
> Components: wicket-core
>Affects Versions: 9.0.0-M4
>Reporter: Emond Papegaaij
>Priority: Major
>
> {{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
> {code:java}
> tag.put("onclick", popupSettings.getPopupJavaScript());
> {code}
> {code:java}
> tag.put(
> "onclick",
> "var win = this.ownerDocument.defaultView ||
> this.ownerDocument.parentWindow; " +
> "if (win == window) { window.location.href='" +
> url + "'; } ;return false");
> {code}
> {code:java}
> // If the subclass specified javascript, use that
> final CharSequence onClickJavaScript = getOnClickScript(url);
> if (onClickJavaScript != null)
> {
> tag.put("onclick", onClickJavaScript);
> }
> {code}
> Similar code can be found in {{ExternalLink}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (WICKET-6732) CSP: inline JS in Link and ExternalLink
[
https://issues.apache.org/jira/browse/WICKET-6732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emond Papegaaij updated WICKET-6732:
Summary: CSP: inline JS in Link and ExternalLink (was: CSP: inline JS in
Link)
> CSP: inline JS in Link and ExternalLink
> ---
>
> Key: WICKET-6732
> URL: https://issues.apache.org/jira/browse/WICKET-6732
> Project: Wicket
> Issue Type: Improvement
> Components: wicket-core
>Affects Versions: 9.0.0-M4
>Reporter: Emond Papegaaij
>Priority: Major
>
> {{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
> {code:java}
> tag.put("onclick", popupSettings.getPopupJavaScript());
> {code}
> {code:java}
> tag.put(
> "onclick",
> "var win = this.ownerDocument.defaultView ||
> this.ownerDocument.parentWindow; " +
> "if (win == window) { window.location.href='" +
> url + "'; } ;return false");
> {code}
> {code:java}
> // If the subclass specified javascript, use that
> final CharSequence onClickJavaScript = getOnClickScript(url);
> if (onClickJavaScript != null)
> {
> tag.put("onclick", onClickJavaScript);
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
