Hi,
the wiki entry you have found is pretty old (StyleSheetReference is no
more part of the API). Where did you read the note you reported in the mail?
BTW: I don't think it's a security issue. It just says that variable
interpolation is done the first time the resource is requested, so you
should avoid to put sensitive user informations into your dynamic CSS/JS.
Andrea.
Guys,
Please advise on the following "feature".
There is the following cool ability in wicket:
https://cwiki.apache.org/confluence/display/WICKET/Dynamically+Generate+a+CSS+Stylesheet
Pretty much the same approach can be used for JavaScript.
But it's noted: if try to retrieve URL for dynamically generated CSS
or JS after initial load of it by "legal" use - you will receive file
with substituted parameters for first user.
Is it security issue or just incorrect usage of this feature?
Thanks,
Ilya
---------------------------------------------
Orienteer(http://orienteer.org) - Modern Data Warehouse for your business.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
