solomax commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303282678
##
File path:
wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java
##
solomax commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303282781
##
File path:
wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.j
martin-g commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303299424
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/OnLoadHeaderItem.java
martin-g commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303299391
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/OnDomReadyHeaderItem.
martin-g commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303299242
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.
martin-g commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303300298
##
File path:
wicket-util/src/main/java/org/apache/wicket/util/value/AttributeMap.java
###
martin-g commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303298670
##
File path:
wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.
martin-g commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303299095
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java
#
martin-g commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303298114
##
File path:
wicket-core/src/main/java/org/apache/wicket/core/util/string/CssUtils.java
#
martin-g commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511292522
> By the way.
[cwiki.apache.org/confluence/display/WICKET/Wicket+Source+Code+Style](https://cwiki.apache.org/confluen
andruhon commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303316003
##
File path:
wicket-util/src/main/java/org/apache/wicket/util/value/AttributeMap.java
###
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511303804
Thank you everyone! I'll go through comments a bit later.
---
martin-g commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303320119
##
File path:
wicket-util/src/main/java/org/apache/wicket/util/value/AttributeMap.java
###
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511346497
I went a bit further with cleaning names in utility classes and emphasized
those which are inline ones, it was hard t
svenmeier commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303398070
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java
svenmeier commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303398973
##
File path:
wicket-util/src/main/java/org/apache/wicket/util/value/IAttributeMapKey.java
svenmeier commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303398863
##
File path:
wicket-util/src/main/java/org/apache/wicket/util/value/HeaderItemAttribute.j
andruhon commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303403279
##
File path:
wicket-util/src/main/java/org/apache/wicket/util/value/HeaderItemAttribute.ja
andruhon commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303404547
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java
#
andruhon commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303403279
##
File path:
wicket-util/src/main/java/org/apache/wicket/util/value/HeaderItemAttribute.ja
solomax commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303412607
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java
##
andruhon commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303427180
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java
#
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511400657
I've got into a trouble with this stuff. Need help. The issue is that we
really want all attributes to be escaped, ex
svenmeier commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511423099
I'm confused now - why shouldn't all attributes be escaped? I've read
WICKET-4777 but I don't understand it.
--
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511424374
@svenmeier I'm also confused. The url for the CSS is escaped, the url for JS
is not. I have a solution, will push soo
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511425486
@svenmeier the issue, I think that escape markup simply swallows parameters
spearated by &, because they are replaced
andruhon edited a comment on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511425486
@svenmeier the issue, I think that escape markup simply swallows parameters
spearated by &, because they are r
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511429413
I suppose, the answer is generally that all URLs should be escaped and
there, probably, must be a special header item
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511440398
I removed enums, and updated tests. It now produces the same output,
including links for JS
andruhon commented on issue #374: WICKET-6682 add CSP nonce support: strategy
approach
URL: https://github.com/apache/wicket/pull/374#issuecomment-511443776
I think this one should be closed.
This is an automated message from
andruhon closed pull request #374: WICKET-6682 add CSP nonce support: strategy
approach
URL: https://github.com/apache/wicket/pull/374
This is an automated message from the Apache Git Service.
To respond to the message, plea
svenmeier commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511476813
We should reconsider the change introduced WICKET-4777 ... @martin-g can you
explain why that JavScript url attribut
martin-g commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511688691
WICKET-4777 is almost 7 years old. My memory capacity is not that big.
I guess my thinking was in the line of:
martin-g commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303750156
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java
#
martin-g commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511691773
Is `AttributeMap#compute(Object, Supplier)` still used ?
I see you replaced all (?) callers to use the BiFunction
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511694465
@martin-g the `AttributeMap#compute` has already been removed.
--
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511695375
This PR is for wicket-8.x, I propose to merge it to the wicket-8.x with
behavior replicating existing one. And to cre
svenmeier commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303434018
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/CssHeaderItem.java
svenmeier commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303400169
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem
svenmeier commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303400434
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem
andruhon commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303823925
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.
andruhon commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303835058
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.
andruhon commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303837404
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.
andruhon commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303839694
##
File path:
wicket-core/src/main/java/org/apache/wicket/markup/head/JavaScriptHeaderItem.
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511792269
I think this isn't going to be possible with wicket 8. Pointed this PR to
master.
@svenmeier please have a look at
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511976815
I'm not sure that what I did with url encoding is correct. Essentially all
attributes have slightly different rule.
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-512007729
Pushed another commit removing escaping from the ValueMap and delegating
this job to appropriate header items
--
m4ns0ur opened a new pull request #377: WICKET-6689 fix
ClientProperties.getTimezone() UTC-DST difference calculation.
URL: https://github.com/apache/wicket/pull/377
Fixes [WICKET-6689](https://issues.apache.org/jira/browse/WICKET-6689).
andruhon commented on issue #273: WICKET-6321 Support Integrity and Crossorigin
attributes
URL: https://github.com/apache/wicket/pull/273#issuecomment-512625174
#376 should open a relatively easy way for integrity and crossorigin once
merged
---
svenmeier commented on issue #273: WICKET-6321 Support Integrity and
Crossorigin attributes
URL: https://github.com/apache/wicket/pull/273#issuecomment-512713964
Indeed.
This is an automated message from the Apache Git Servic
andruhon opened a new pull request #378: WICKET-6688 add RFC support (to avoid
unsafe eval)
URL: https://github.com/apache/wicket/pull/378
Initial commit addressing https://issues.apache.org/jira/browse/WICKET-6688.
Please have a look if it makes sense. If it is I can add documentati
solomax commented on a change in pull request #378: WICKET-6688 add RFC support
(to avoid unsafe eval)
URL: https://github.com/apache/wicket/pull/378#discussion_r304790455
##
File path:
wicket-core/src/main/java/org/apache/wicket/ajax/RemoteFunctionCallUtils.java
##
@@ -0
solomax commented on a change in pull request #378: WICKET-6688 add RFC support
(to avoid unsafe eval)
URL: https://github.com/apache/wicket/pull/378#discussion_r304790048
##
File path:
wicket-core/src/main/java/org/apache/wicket/ajax/RemoteFunctionCallUtils.java
##
@@ -0
solomax commented on a change in pull request #378: WICKET-6688 add RFC support
(to avoid unsafe eval)
URL: https://github.com/apache/wicket/pull/378#discussion_r304791684
##
File path:
wicket-examples/src/main/java/org/apache/wicket/examples/ajax/builtin/RFCPage.java
##
solomax commented on a change in pull request #378: WICKET-6688 add RFC support
(to avoid unsafe eval)
URL: https://github.com/apache/wicket/pull/378#discussion_r304792704
##
File path:
wicket-examples/src/main/java/org/apache/wicket/examples/ajax/builtin/RFCPage.html
##
svenmeier commented on a change in pull request #378: WICKET-6688 add RFC
support (to avoid unsafe eval)
URL: https://github.com/apache/wicket/pull/378#discussion_r304796350
##
File path:
wicket-core/src/main/java/org/apache/wicket/ajax/AjaxRequestHandler.java
##
@@ -16,1
andruhon commented on a change in pull request #378: WICKET-6688 add RFC
support (to avoid unsafe eval)
URL: https://github.com/apache/wicket/pull/378#discussion_r304820758
##
File path:
wicket-core/src/main/java/org/apache/wicket/ajax/RemoteFunctionCallUtils.java
##
@@ -
solomax commented on a change in pull request #378: WICKET-6688 add RFC support
(to avoid unsafe eval)
URL: https://github.com/apache/wicket/pull/378#discussion_r304823612
##
File path:
wicket-core/src/main/java/org/apache/wicket/ajax/RemoteFunctionCallUtils.java
##
@@ -0
andruhon commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-512749964
I went through comments.
This is an automated message from the Apache
andruhon commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-512750325
(did a force push)
This is an automated message from the Apache Git Se
solomax commented on a change in pull request #378: WICKET-6688 add RFC support
(to avoid unsafe eval)
URL: https://github.com/apache/wicket/pull/378#discussion_r304836583
##
File path:
wicket-core/src/main/java/org/apache/wicket/ajax/RemoteFunctionCallUtils.java
##
@@ -0
martin-g merged pull request #377: WICKET-6689 fix
ClientProperties.getTimezone() UTC-DST difference calculation.
URL: https://github.com/apache/wicket/pull/377
This is an automated message from the Apache Git Service.
To re
toby1984 opened a new pull request #379: WICKET-6693 Mark
FormComponent#setModelValue(String[]) as not being part of the public API
URL: https://github.com/apache/wicket/pull/379
See discussion on wicket-dev / JIRA ticket.
Th
asfgit closed pull request #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376
This is an automated message from the Apache Git Service.
To respond to the
svenmeier commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-518408544
I've merged this request into master with adjustments. Many thanks Andrew!
-
andruhon commented on issue #376: WICKET-6682 add CSP nonce support:
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-518430534
Thank you everyone!
This is an automated message fro
andruhon commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-518430880
Hi! What's up with this one? Are there any alternative approaches to get rid
of eval I can consider?
-
svenmeier commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-518547216
I'll take another look.
This is an automated message from the Apache
svenmeier commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-518701345
I've taken a second look and I'm all in favor of pursuing this improvement.
#appendJavaScript() and #appendRemoteFunctionCall()
andruhon commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-518935243
I'm ready to contribute a substantial amount of time into resolving this
issue.
My original concept was:
* add the RPC/RFC su
martin-g commented on issue #379: WICKET-6693 Mark
FormComponent#setModelValue(String[]) as not being part of the public API
URL: https://github.com/apache/wicket/pull/379#issuecomment-519038487
There was a commit in Wicket repo for this yesterday but for some reason
GitHub didn't detect i
dutrieux commented on issue #373: make autolabel functionality more flexible by
introducing a locator interface that allow to specify the component the
wicket:for refers too
URL: https://github.com/apache/wicket/pull/373#issuecomment-519146830
Be possible to have this change on v8.x ?
---
reiern70 commented on issue #373: make autolabel functionality more flexible by
introducing a locator interface that allow to specify the component the
wicket:for refers too
URL: https://github.com/apache/wicket/pull/373#issuecomment-519861362
> Be possible to have this change on v8.x ?
martin-g commented on issue #373: make autolabel functionality more flexible by
introducing a locator interface that allow to specify the component the
wicket:for refers too
URL: https://github.com/apache/wicket/pull/373#issuecomment-520879276
Done!
---
reiern70 commented on issue #373: make autolabel functionality more flexible by
introducing a locator interface that allow to specify the component the
wicket:for refers too
URL: https://github.com/apache/wicket/pull/373#issuecomment-520879451
Thanks!
-
svenmeier opened a new pull request #380: WICKET-6558 no lock after detach
URL: https://github.com/apache/wicket/pull/380
A possible solution:
Session can prevent creating of locks after it has been detached for the end
of the request.
---
svenmeier commented on a change in pull request #380: WICKET-6558 no lock after
detach
URL: https://github.com/apache/wicket/pull/380#discussion_r314032664
##
File path: wicket-core/src/main/java/org/apache/wicket/Application.java
##
@@ -1569,23 +1569,12 @@ public final Re
svenmeier commented on a change in pull request #380: WICKET-6558 no lock after
detach
URL: https://github.com/apache/wicket/pull/380#discussion_r314033103
##
File path: wicket-core/src/main/java/org/apache/wicket/Session.java
##
@@ -670,6 +676,9 @@ public void detach()
svenmeier commented on a change in pull request #380: WICKET-6558 no lock after
detach
URL: https://github.com/apache/wicket/pull/380#discussion_r314032844
##
File path: wicket-core/src/main/java/org/apache/wicket/Application.java
##
@@ -1569,23 +1569,12 @@ public final Re
svenmeier commented on a change in pull request #380: WICKET-6558 no lock after
detach
URL: https://github.com/apache/wicket/pull/380#discussion_r314034503
##
File path:
wicket-core/src/main/java/org/apache/wicket/util/tester/BaseWicketTester.java
##
@@ -495,12 +494,21 @@
svenmeier commented on a change in pull request #380: WICKET-6558 no lock after
detach
URL: https://github.com/apache/wicket/pull/380#discussion_r314033459
##
File path: wicket-core/src/main/java/org/apache/wicket/Session.java
##
@@ -915,6 +924,10 @@ public int nextPageId(
seminolas commented on issue #380: WICKET-6558 no lock after detach
URL: https://github.com/apache/wicket/pull/380#issuecomment-521456564
Looks good to me. We had some custom logging asking for the name of the page
class after the session had already been detached. We only noticed it in
pr
svenmeier commented on issue #380: WICKET-6558 no lock after detach
URL: https://github.com/apache/wicket/pull/380#issuecomment-521639247
Hard to tell what might increase the likelihood of that happening. Perhaps
you can pinpoint a specific version upgrade?
martin-g commented on a change in pull request #380: WICKET-6558 no lock after
detach
URL: https://github.com/apache/wicket/pull/380#discussion_r315000147
##
File path: wicket-core/src/main/java/org/apache/wicket/Session.java
##
@@ -915,6 +924,10 @@ public int nextPageId()
martin-g closed pull request #379: WICKET-6693 Mark
FormComponent#setModelValue(String[]) as not being part of the public API
URL: https://github.com/apache/wicket/pull/379
This is an automated message from the Apache Git Se
andruhon commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-524172283
Hi @svenmeier !
Now I see what do you mean.
```Java
final Label c1 = new Label("c1",
LambdaModel.of(this
asfgit closed pull request #380: WICKET-6558 no lock after detach
URL: https://github.com/apache/wicket/pull/380
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and
svenmeier commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-524739324
Yes, this concerns any JS that is added during an ajax call.
If a component has an attached AjaxBehavior, setting it visible is
suf
andruhon commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-524776052
@svenmeier please have a look at the proof of concept in my last commit.
Generally the issue is in header item being evaluated in
solomax commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-525176815
IMO we can't *force* user to use this or that technique
We only can propose sort of best-practices
Short inline JS is already being
svenmeier commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-525273530
@andruhon
It's not clear who will clean-up all those header items. Can we garantee,
thas this doesn't impact the browser performanc
andruhon edited a comment on issue #378: WICKET-6688 add RFC support (to avoid
unsafe eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-525530622
> It's not clear who will clean-up all those header items.
The header item wipes itself on the last line
https://github.
andruhon commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-525530622
> It's not clear who will clean-up all those header items.
The header item wipes itself on the last line
https://github.com/apache/
martin-g commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-526529653
would it be smarter if we reuse the `
andruhon commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-526551863
@martin-g I thought about using the same JS. This could work if we set an id
to this script tag. The question is how we going to identi
andruhon edited a comment on issue #378: WICKET-6688 add RFC support (to avoid
unsafe eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-526551863
@martin-g I thought about using the same JS tag. This could work if we set
an id to this script tag. The question is how we goin
svenmeier commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-526554217
Thanks Andrew!
Actually the header items performance isn't so bad if we compare it to
eval():
```
window.myNameSpace = {}
solomax commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-526554812
`console.time` can be used for benchmarking :)
https://developer.mozilla.org/en-US/docs/Web/API/Console/time
svenmeier commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe
eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-526555023
BTW just stumbled on https://api.jquery.com/jQuery.globalEval/ - note that
it supports a nonce option.
That function just forwa
andruhon edited a comment on issue #378: WICKET-6688 add RFC support (to avoid
unsafe eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-526559877
Ah, yes. Век живи — век учись (а умрешь дураком).
I think we can use jQuery.globalEval in wicket-ajax-jquery then. I'll pu
301 - 400 of 1142 matches
Mail list logo