right, so remove that code since you have replaced that component with
pure markup.
-igor
On Mon, May 25, 2009 at 8:48 AM, Jörn Zaefferer
<joern.zaeffe...@googlemail.com> wrote:
> That was the idea. But Wicket still can't find the component markup
> when looking for it. The form adds this elsewhere:
>
> add(new HiddenField<String>("csrf-protection", new
> Model<String>(csrfProtection())).setRequired(true).add(new
> IValidator<String>() {
> public void validate(IValidatable<String> validatable) {
> log.warn("potential csrf attack, submitted value: " +
> validatable.getValue() + ", expected: " + csrfProtection());
> validatable.error(new ValidationError().setMessage("wrong csrf
> protection cookie"));
> }
> }));
>
> Jörn
>
> On Mon, May 25, 2009 at 5:44 PM, Igor Vaynberg <igor.vaynb...@gmail.com>
> wrote:
>> if you write it out in oncomponenttagbody then you dont need it in the
>> markupo anymore.
>>
>> -igor
>>
>> On Mon, May 25, 2009 at 6:32 AM, Jörn Zaefferer
>> <joern.zaeffe...@googlemail.com> wrote:
>>> Hi,
>>>
>>> my application uses a form subclass everywhere for CSRF protection.
>>> Each form needs a hidden field like this: <input type="hidden"
>>> wicket:id="csrf-protection" />
>>> The wicket component for that is added by the form subclass
>>> (SecureForm) which all other forms in the application extend.
>>>
>>> Currently each form has to include that markup somewhere, producing a
>>> lot of duplication.
>>>
>>> I'm looking for a way to get rid of that duplication. An approach I'm
>>> currently investigating is to generate the markup, similar to how Form
>>> genrates a hidden input it its onComponentTagBody:
>>>
>>> @Override
>>> protected void onComponentTagBody(MarkupStream markupStream,
>>> ComponentTag openTag) {
>>> String nameAndId = get("csrf-protection").getId();
>>> AppendingStringBuffer buffer = new AppendingStringBuffer(
>>> "<input type=\"hidden\" name=\"").append(nameAndId).append("\" />");
>>> getResponse().write(buffer);
>>> super.onComponentTagBody(markupStream, openTag);
>>> }
>>>
>>> That doesn't work, Wicket throws an exception of a missing reference
>>> in markup anyway. Likely because this just writes to the response, not
>>> extending the markup.
>>> I also don't see any way to achieve this via MarkupStream or ComponentTag.
>>>
>>> Any ideas?
>>>
>>> Regards
>>> Jörn Zaefferer
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>> For additional commands, e-mail: users-h...@wicket.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
