Hi,
my application uses a form subclass everywhere for CSRF protection.
Each form needs a hidden field like this: <input type="hidden"
wicket:id="csrf-protection" />
The wicket component for that is added by the form subclass
(SecureForm) which all other forms in the application extend.
Currently each form has to include that markup somewhere, producing a
lot of duplication.
I'm looking for a way to get rid of that duplication. An approach I'm
currently investigating is to generate the markup, similar to how Form
genrates a hidden input it its onComponentTagBody:
@Override
protected void onComponentTagBody(MarkupStream markupStream,
ComponentTag openTag) {
String nameAndId = get("csrf-protection").getId();
AppendingStringBuffer buffer = new AppendingStringBuffer(
"<input type=\"hidden\" name=\"").append(nameAndId).append("\" />");
getResponse().write(buffer);
super.onComponentTagBody(markupStream, openTag);
}
That doesn't work, Wicket throws an exception of a missing reference
in markup anyway. Likely because this just writes to the response, not
extending the markup.
I also don't see any way to achieve this via MarkupStream or ComponentTag.
Any ideas?
Regards
Jörn Zaefferer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
