So long as you are able to reproduce the issue and evaluate if you can
confirm the fix, it should be ok. You can then finetune the solution.
**
Martin
to 9. huhtik. 2020 klo 15.07 Martin Grigorov (mgrigo...@apache.org)
kirjoitti:
> I still do not understand what exactly is the issue here.
>
>
On 2020/04/09 12:04:00, Sven Meier wrote:
> Hi Francesco,
>
> I'll have to check what has changed here.
>
> I wouldn't expect any problems with MockPageStore, but perhaps it
> changed slightly.
>
> Can you write a testcase that runs in Wicket 8 but fails in 9?
Not sure if I am able, but
On 2020/04/09 12:01:25, Martin Grigorov wrote:
> It is not my day today! :-)
> This is the second description of an issue here in users@ which I don't
> understand.
np Martin, I understand you completely :-)
> I'll let someone else try to help you.
>
> On Thu, Apr 9, 2020 at 2:32 PM Francesco
I still do not understand what exactly is the issue here.
The client/browser submits the values as key/value pairs
(application/x-www-form-urlencoded).
The server responds with XML that is processed by wicket-ajax.js.
How validation of the submit values could help with the XML injection ?!
On
Hi Francesco,
I'll have to check what has changed here.
I wouldn't expect any problems with MockPageStore, but perhaps it
changed slightly.
Can you write a testcase that runs in Wicket 8 but fails in 9?
Have fun
Sven
On 09.04.20 12:20, Francesco Chicchiriccò wrote:
Hi all,
at Syncope we
It is not my day today! :-)
This is the second description of an issue here in users@ which I don't
understand.
I'll let someone else try to help you.
On Thu, Apr 9, 2020 at 2:32 PM Francesco Chicchiriccò
wrote:
> On 2020/04/09 10:58:13, Martin Grigorov wrote:
> > Hi,
> >
> > Why do you need
Thank you, I'll do that and see if works
On Thu, Apr 9, 2020 at 6:35 PM Martin Terra <
martin.te...@koodaripalvelut.com> wrote:
> Can you solve this by simple validation if submitted values are legal? This
> way it does not matter if client tries to override the submit.
>
> **
> Martin
>
> to 9.
On 2020/04/09 10:58:13, Martin Grigorov wrote:
> Hi,
>
> Why do you need to use PageManager ?
> By default WicketTester uses MockPageManager without a backing PageStore.
That was the simplest workaround I could find; for sure, without the
workaround, e.g. with simple "new WicketTester()" I
Hi,
Why do you need to use PageManager ?
By default WicketTester uses MockPageManager without a backing PageStore.
On Thu, Apr 9, 2020 at 1:20 PM Francesco Chicchiriccò
wrote:
> Hi all,
> at Syncope we have been upgrading our Console and Enduser web applications
> from Wicket 8 to 9.0.0-M5, in
Can you solve this by simple validation if submitted values are legal? This
way it does not matter if client tries to override the submit.
**
Martin
to 9. huhtik. 2020 klo 12.22 Shengche Hsiao (shengchehs...@gmail.com)
kirjoitti:
> I got a report , it suggest our web site to deal with xml
Hi all,
at Syncope we have been upgrading our Console and Enduser web applications from
Wicket 8 to 9.0.0-M5, in our master branch.
The process have been quite smooth effectively, with a single noticeable
exception: in our tests we largely use WicketTester; we have verified, however,
that
I got a report , it suggest our web site to deal with xml injection issue.
We use DropDownChoice with OnChangeAjaxBehavior to invoke another
DropDownChoice via wicket-ajax buit-in xml payload, and the reporters
used Burpsuite
to inject xml on xmlpayload, such as inject
image.png
The images didn't make it to the mailing list.
Please use some online image paste bin.
On Thu, Apr 9, 2020 at 11:33 AM Shengche Hsiao
wrote:
> I got a report , it suggest our web site to deal with xml injection issue.
> We use DropDownChoice with OnChangeAjaxBehavior to invoke another
>
I got a report , it suggest our web site to deal with xml injection issue.
We use DropDownChoice with OnChangeAjaxBehavior to invoke another
DropDownChoice via wicket-ajax buit-in xml payload, and the reporters
used Burpsuite
to inject xml on xmlpayload, such as inject
[image: image.png]
and
On Thu, Apr 9, 2020 at 11:09 AM Shengche Hsiao
wrote:
> Yes, I need to know overriding which methods
>
I still do not understand what exactly you need to accomplish.
Please be more specific!
>
> On Thu, Apr 9, 2020 at 16:03 Martin Grigorov wrote:
>
> > Hi,
> >
> > On Thu, Apr 9, 2020 at
Yes, I need to know overriding which methods
On Thu, Apr 9, 2020 at 16:03 Martin Grigorov wrote:
> Hi,
>
> On Thu, Apr 9, 2020 at 10:27 AM ShengChe Hsiao wrote:
>
> > Dear all
> >
> > I use built-in ajax dropdownchoice component, it's default payload is xml
> > entity, but if I need to prevent
Thanks, I’ll figure it out
On Thu, Apr 9, 2020 at 16:03 Martin Grigorov wrote:
> Hi,
>
> On Thu, Apr 9, 2020 at 10:27 AM ShengChe Hsiao wrote:
>
> > Dear all
> >
> > I use built-in ajax dropdownchoice component, it's default payload is xml
> > entity, but if I need to prevent xml injection
Thanks
On Thu, Apr 9, 2020 at 15:57 Martin Terra
wrote:
> I'd recommend you simply include it with maven options into your IDE this
> way it is always there with you.
>
> You can googe it, and there are some recent previous wicket threads about
> it too:
>
>
Hi,
On Thu, Apr 9, 2020 at 10:27 AM ShengChe Hsiao wrote:
> Dear all
>
> I use built-in ajax dropdownchoice component, it's default payload is xml
> entity, but if I need to prevent xml injection ,how can i do?
>
Could you please give some more information what exactly you need?
>
>
>
I'd recommend you simply include it with maven options into your IDE this
way it is always there with you.
You can googe it, and there are some recent previous wicket threads about
it too:
http://apache-wicket.1842946.n4.nabble.com/Where-to-download-Javadoc-for-Wicket-8-x-td4683643.html#a4683654
I can checkout source from github, but I need some advise to start, thanks
On Thu, Apr 9, 2020 at 3:36 PM Martin Terra <
martin.te...@koodaripalvelut.com> wrote:
> You could override some of the methods that do the injecting. Do you have
> the wicket sources?
>
> **
> Martin
>
> to 9. huhtik.
You could override some of the methods that do the injecting. Do you have
the wicket sources?
**
Martin
to 9. huhtik. 2020 klo 10.27 ShengChe Hsiao (front...@gmail.com) kirjoitti:
> Dear all
>
> I use built-in ajax dropdownchoice component, it's default payload is xml
> entity, but if I need to
Dear all
I use built-in ajax dropdownchoice component, it's default payload is xml
entity, but if I need to prevent xml injection ,how can i do?
--->
To boldly go where no man has gone before.
23 matches
Mail list logo