if you write it out in oncomponenttagbody then you dont need it in the
markupo anymore.
-igor
On Mon, May 25, 2009 at 6:32 AM, Jörn Zaefferer
<joern.zaeffe...@googlemail.com> wrote:
> Hi,
>
> my application uses a form subclass everywhere for CSRF protection.
> Each form needs a hidden field like this: <input type="hidden"
> wicket:id="csrf-protection" />
> The wicket component for that is added by the form subclass
> (SecureForm) which all other forms in the application extend.
>
> Currently each form has to include that markup somewhere, producing a
> lot of duplication.
>
> I'm looking for a way to get rid of that duplication. An approach I'm
> currently investigating is to generate the markup, similar to how Form
> genrates a hidden input it its onComponentTagBody:
>
> @Override
> protected void onComponentTagBody(MarkupStream markupStream,
> ComponentTag openTag) {
> String nameAndId = get("csrf-protection").getId();
> AppendingStringBuffer buffer = new AppendingStringBuffer(
> "<input type=\"hidden\" name=\"").append(nameAndId).append("\" />");
> getResponse().write(buffer);
> super.onComponentTagBody(markupStream, openTag);
> }
>
> That doesn't work, Wicket throws an exception of a missing reference
> in markup anyway. Likely because this just writes to the response, not
> extending the markup.
> I also don't see any way to achieve this via MarkupStream or ComponentTag.
>
> Any ideas?
>
> Regards
> Jörn Zaefferer
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
