Yes, super thanks for detailed explanation
On Sat, Apr 11, 2020 at 11:19 AM Martin Terra <
martin.te...@koodaripalvelut.com> wrote:
> On Sat, Apr 11, 2020 at 5:58, Shengche Hsiao (shengchehs...@gmail.com)
> wrote:
>
> > Thanks Martin, I might misunderstand the report, and I'll validate the
>
On Sat, Apr 11, 2020 at 5:58, Shengche Hsiao (shengchehs...@gmail.com)
wrote:
> Thanks Martin, I might misunderstand the report, and I'll validate the
> submitted values to prevent xml injection.
>
You're welcome. To clarify: validation can prevent any malicious effects of
injected values,
Thanks Martin, I might misunderstand the report, and I'll validate the
submitted values to prevent xml injection.
On Thu, Apr 9, 2020 at 8:07 PM Martin Grigorov wrote:
> I still do not understand what exactly is the issue here.
>
> The client/browser submits the values as key/value pairs
>
So long as you are able to reproduce the issue and evaluate if you can
confirm the fix, it should be ok. You can then fine-tune the solution.
**
Martin
On Thu, Apr 9, 2020 at 15:07, Martin Grigorov (mgrigo...@apache.org)
wrote:
> I still do not understand what exactly is the issue here.
>
>
I still do not understand what exactly is the issue here.
The client/browser submits the values as key/value pairs
(application/x-www-form-urlencoded).
The server responds with XML that is processed by wicket-ajax.js.
How could validation of the submit values help with the XML injection?!
On
Thank you, I'll do that and see if it works
On Thu, Apr 9, 2020 at 6:35 PM Martin Terra <
martin.te...@koodaripalvelut.com> wrote:
> Can you solve this by simple validation if submitted values are legal? This
> way it does not matter if client tries to override the submit.
>
> **
> Martin
>
> to 9.
Can you solve this by simple validation if submitted values are legal? This
way it does not matter if client tries to override the submit.
**
Martin
On Thu, Apr 9, 2020 at 12:22, Shengche Hsiao (shengchehs...@gmail.com)
wrote:
> I got a report, it suggests our web site to deal with xml
I got a report, it suggests our web site to deal with xml injection issue.
We use DropDownChoice with OnChangeAjaxBehavior to invoke another
DropDownChoice via wicket-ajax built-in xml payload, and the reporters
used Burp Suite
to inject xml on xmlpayload, such as inject
[image: image.png]
The images didn't make it to the mailing list.
Please use some online image paste bin.
On Thu, Apr 9, 2020 at 11:33 AM Shengche Hsiao
wrote:
> I got a report, it suggests our web site to deal with xml injection issue.
> We use DropDownChoice with OnChangeAjaxBehavior to invoke another
>
I got a report, it suggests our web site to deal with xml injection issue.
We use DropDownChoice with OnChangeAjaxBehavior to invoke another
DropDownChoice via wicket-ajax built-in xml payload, and the reporters
used Burp Suite
to inject xml on xmlpayload, such as inject
[image: image.png]
and
On Thu, Apr 9, 2020 at 11:09 AM Shengche Hsiao
wrote:
> Yes, I need to know which methods to override
>
I still do not understand what exactly you need to accomplish.
Please be more specific!
>
> On Thu, Apr 9, 2020 at 16:03 Martin Grigorov wrote:
>
> > Hi,
> >
> > On Thu, Apr 9, 2020 at
Yes, I need to know which methods to override
On Thu, Apr 9, 2020 at 16:03 Martin Grigorov wrote:
> Hi,
>
> On Thu, Apr 9, 2020 at 10:27 AM ShengChe Hsiao wrote:
>
> > Dear all
> >
> > I use built-in ajax dropdownchoice component, its default payload is xml
> > entity, but if I need to prevent
Thanks, I’ll figure it out
On Thu, Apr 9, 2020 at 16:03 Martin Grigorov wrote:
> Hi,
>
> On Thu, Apr 9, 2020 at 10:27 AM ShengChe Hsiao wrote:
>
> > Dear all
> >
> > I use built-in ajax dropdownchoice component, its default payload is xml
> > entity, but if I need to prevent xml injection
Thanks
On Thu, Apr 9, 2020 at 15:57 Martin Terra
wrote:
> I'd recommend you simply include it with maven options into your IDE this
> way it is always there with you.
>
> You can google it, and there are some recent previous wicket threads about
> it too:
>
>
Hi,
On Thu, Apr 9, 2020 at 10:27 AM ShengChe Hsiao wrote:
> Dear all
>
> I use built-in ajax dropdownchoice component, its default payload is xml
> entity, but if I need to prevent xml injection, how can I do?
>
Could you please give some more information what exactly you need?
>
>
>
I'd recommend you simply include it with maven options into your IDE this
way it is always there with you.
You can google it, and there are some recent previous wicket threads about
it too:
http://apache-wicket.1842946.n4.nabble.com/Where-to-download-Javadoc-for-Wicket-8-x-td4683643.html#a4683654
I can check out source from GitHub, but I need some advice to start, thanks
On Thu, Apr 9, 2020 at 3:36 PM Martin Terra <
martin.te...@koodaripalvelut.com> wrote:
> You could override some of the methods that do the injecting. Do you have
> the wicket sources?
>
> **
> Martin
>
> to 9. huhtik.
You could override some of the methods that do the injecting. Do you have
the wicket sources?
**
Martin
On Thu, Apr 9, 2020 at 10:27, ShengChe Hsiao (front...@gmail.com) wrote:
> Dear all
>
> I use built-in ajax dropdownchoice component, its default payload is xml
> entity, but if I need to