[jira] [Updated] (WICKET-6732) CSP: inline JS in Link and ExternalLink
[ https://issues.apache.org/jira/browse/WICKET-6732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emond Papegaaij updated WICKET-6732:

Description:

{{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
{code:java}
tag.put("onclick", popupSettings.getPopupJavaScript());
{code}
{code:java}
tag.put(
    "onclick",
    "var win = this.ownerDocument.defaultView || this.ownerDocument.parentWindow; " +
        "if (win == window) { window.location.href='" +
        url + "'; } ;return false");
{code}
{code:java}
// If the subclass specified javascript, use that
final CharSequence onClickJavaScript = getOnClickScript(url);
if (onClickJavaScript != null)
{
    tag.put("onclick", onClickJavaScript);
}
{code}
Similar code can be found in {{ExternalLink}}.

Also take a look at {{AjaxFallbackLink}}. This class removes the onclick attribute from the {{Link}}, but that will not work if they are not added in the first place.

was:

{{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
{code:java}
tag.put("onclick", popupSettings.getPopupJavaScript());
{code}
{code:java}
tag.put(
    "onclick",
    "var win = this.ownerDocument.defaultView || this.ownerDocument.parentWindow; " +
        "if (win == window) { window.location.href='" +
        url + "'; } ;return false");
{code}
{code:java}
// If the subclass specified javascript, use that
final CharSequence onClickJavaScript = getOnClickScript(url);
if (onClickJavaScript != null)
{
    tag.put("onclick", onClickJavaScript);
}
{code}
Similar code can be found in {{ExternalLink}}

> CSP: inline JS in Link and ExternalLink
> ---
>
> Key: WICKET-6732
> URL: https://issues.apache.org/jira/browse/WICKET-6732
> Project: Wicket
> Issue Type: Improvement
> Components: wicket-core
> Affects Versions: 9.0.0-M4
> Reporter: Emond Papegaaij
> Priority: Major
>
> {{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
> {code:java}
> tag.put("onclick", popupSettings.getPopupJavaScript());
> {code}
> {code:java}
> tag.put(
>     "onclick",
>     "var win = this.ownerDocument.defaultView || this.ownerDocument.parentWindow; " +
>         "if (win == window) { window.location.href='" +
>         url + "'; } ;return false");
> {code}
> {code:java}
> // If the subclass specified javascript, use that
> final CharSequence onClickJavaScript = getOnClickScript(url);
> if (onClickJavaScript != null)
> {
>     tag.put("onclick", onClickJavaScript);
> }
> {code}
> Similar code can be found in {{ExternalLink}}.
> Also take a look at {{AjaxFallbackLink}}. This class removes the onclick attribute from the {{Link}}, but that will not work if they are not added in the first place.

--
This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (WICKET-6732) CSP: inline JS in Link and ExternalLink
[ https://issues.apache.org/jira/browse/WICKET-6732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emond Papegaaij updated WICKET-6732:

Description:

{{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
{code:java}
tag.put("onclick", popupSettings.getPopupJavaScript());
{code}
{code:java}
tag.put(
    "onclick",
    "var win = this.ownerDocument.defaultView || this.ownerDocument.parentWindow; " +
        "if (win == window) { window.location.href='" +
        url + "'; } ;return false");
{code}
{code:java}
// If the subclass specified javascript, use that
final CharSequence onClickJavaScript = getOnClickScript(url);
if (onClickJavaScript != null)
{
    tag.put("onclick", onClickJavaScript);
}
{code}
Similar code can be found in {{ExternalLink}}

was:

{{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
{code:java}
tag.put("onclick", popupSettings.getPopupJavaScript());
{code}
{code:java}
tag.put(
    "onclick",
    "var win = this.ownerDocument.defaultView || this.ownerDocument.parentWindow; " +
        "if (win == window) { window.location.href='" +
        url + "'; } ;return false");
{code}
{code:java}
// If the subclass specified javascript, use that
final CharSequence onClickJavaScript = getOnClickScript(url);
if (onClickJavaScript != null)
{
    tag.put("onclick", onClickJavaScript);
}
{code}

> CSP: inline JS in Link and ExternalLink
> ---
>
> Key: WICKET-6732
> URL: https://issues.apache.org/jira/browse/WICKET-6732
> Project: Wicket
> Issue Type: Improvement
> Components: wicket-core
> Affects Versions: 9.0.0-M4
> Reporter: Emond Papegaaij
> Priority: Major
>
> {{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
> {code:java}
> tag.put("onclick", popupSettings.getPopupJavaScript());
> {code}
> {code:java}
> tag.put(
>     "onclick",
>     "var win = this.ownerDocument.defaultView || this.ownerDocument.parentWindow; " +
>         "if (win == window) { window.location.href='" +
>         url + "'; } ;return false");
> {code}
> {code:java}
> // If the subclass specified javascript, use that
> final CharSequence onClickJavaScript = getOnClickScript(url);
> if (onClickJavaScript != null)
> {
>     tag.put("onclick", onClickJavaScript);
> }
> {code}
> Similar code can be found in {{ExternalLink}}

--
This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (WICKET-6732) CSP: inline JS in Link and ExternalLink
[ https://issues.apache.org/jira/browse/WICKET-6732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emond Papegaaij updated WICKET-6732:

Summary: CSP: inline JS in Link and ExternalLink (was: CSP: inline JS in Link)

> CSP: inline JS in Link and ExternalLink
> ---
>
> Key: WICKET-6732
> URL: https://issues.apache.org/jira/browse/WICKET-6732
> Project: Wicket
> Issue Type: Improvement
> Components: wicket-core
> Affects Versions: 9.0.0-M4
> Reporter: Emond Papegaaij
> Priority: Major
>
> {{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
> {code:java}
> tag.put("onclick", popupSettings.getPopupJavaScript());
> {code}
> {code:java}
> tag.put(
>     "onclick",
>     "var win = this.ownerDocument.defaultView || this.ownerDocument.parentWindow; " +
>         "if (win == window) { window.location.href='" +
>         url + "'; } ;return false");
> {code}
> {code:java}
> // If the subclass specified javascript, use that
> final CharSequence onClickJavaScript = getOnClickScript(url);
> if (onClickJavaScript != null)
> {
>     tag.put("onclick", onClickJavaScript);
> }
> {code}

--
This message was sent by Atlassian Jira (v8.3.4#803005)
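
What a Content-Security-Policy does to `onclick` attributes like the ones quoted in the issue, as an added JavaScript example that is not part of the Jira messages or of Wicket: it decides whether a policy permits inline event handlers and lists the handlers in rendered markup that the browser would refuse to run. The policy strings, the markup and the `openPopup` function name are constructed for illustration.

```javascript
// Added example: policy strings and markup are constructed, not taken from Wicket.
// Lists inline event-handler attributes that a given CSP would refuse to run.
// Limitation: 'unsafe-hashes' (per-handler hash allow-listing) is not modelled.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // Browsers keep the first occurrence of a duplicated directive.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

function inlineHandlersAllowed(policy) {
  // Event-handler attributes fall back script-src-attr -> script-src -> default-src.
  const sources = policy.get('script-src-attr') ?? policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return true; // no governing directive
  // A nonce, a hash or 'strict-dynamic' makes browsers ignore 'unsafe-inline'.
  const overridden = sources.some(s => /^'(nonce-|sha(256|384|512)-|strict-dynamic')/.test(s));
  return sources.includes("'unsafe-inline'") && !overridden;
}

// Good enough for well-formed server-rendered markup; not a full HTML parser.
const TAG = /<([a-z][^\s\/>]*)((?:\s+[^\s=>\/]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?)*)\s*\/?>/gi;
const ATTR = /([^\s=>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;

function findInlineHandlers(html) {
  const found = [];
  for (const [, tag, attrs] of html.matchAll(TAG)) {
    for (const [, name, dq, sq, bare] of attrs.matchAll(ATTR)) {
      if (/^on[a-z]+$/i.test(name)) {
        found.push({ tag: tag.toLowerCase(), attr: name.toLowerCase(), code: dq ?? sq ?? bare ?? '' });
      }
    }
  }
  return found;
}

function blockedHandlers(cspHeader, html) {
  return inlineHandlersAllowed(parseCsp(cspHeader)) ? [] : findInlineHandlers(html);
}

// Constructed markup shaped like the onclick attributes quoted in the issue;
// openPopup is a hypothetical function name.
const SAMPLE = `
<button onclick="var win = this.ownerDocument.defaultView || this.ownerDocument.parentWindow; if (win == window) { window.location.href='./page?1'; } ;return false">Next</button>
<a href="./page?2" onclick="return openPopup('./page?2');">Help</a>
<a href="./page?3" data-popup="true">No inline JS</a>`;
console.log(blockedHandlers("default-src 'self'; script-src 'self' 'nonce-r4nd0m'", SAMPLE));
```

Run over rendered page output in a test, `findInlineHandlers` shows which components still emit `on*` attributes before a policy without `'unsafe-inline'` is enforced.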