Does Wicket have support for top vulnerabilities? Mainly I am trying to
protect against cross-site scripting and cross-site request forgery attacks.

I haven't found anything yet explicitly for those attacks, but for CSRF I was
going to try to use the encrypted URL strategy. (And I am assuming the default
URL versioning strategy or the random parameter on the URL is not a full
protection against those attacks?)

Also, for CSRF, is there an easy way to inject tokens for each request? If
those tokens are valid, then we could generate an error.

Note: I am assuming an ancient version of Wicket, 1.4.x (1.4.15).
