How is that going the fix the problem? I'd end up with markup, but no
behaviour on top of it.
Jörn
On Mon, May 25, 2009 at 5:52 PM, Igor Vaynberg <igor.vaynb...@gmail.com> wrote:
> right, so remove that code since you have replaced that component with
> pure markup.
>
> -igor
>
> On Mon, May 25, 2009 at 8:48 AM, Jörn Zaefferer
> <joern.zaeffe...@googlemail.com> wrote:
>> That was the idea. But Wicket still can't find the component markup
>> when looking for it. The form adds this elsewhere:
>>
>> add(new HiddenField<String>("csrf-protection", new
>> Model<String>(csrfProtection())).setRequired(true).add(new
>> IValidator<String>() {
>> public void validate(IValidatable<String> validatable) {
>> log.warn("potential csrf attack, submitted value: " +
>> validatable.getValue() + ", expected: " + csrfProtection());
>> validatable.error(new ValidationError().setMessage("wrong csrf
>> protection cookie"));
>> }
>> }));
>>
>> Jörn
>>
>> On Mon, May 25, 2009 at 5:44 PM, Igor Vaynberg <igor.vaynb...@gmail.com>
>> wrote:
>>> if you write it out in oncomponenttagbody then you dont need it in the
>>> markupo anymore.
>>>
>>> -igor
>>>
>>> On Mon, May 25, 2009 at 6:32 AM, Jörn Zaefferer
>>> <joern.zaeffe...@googlemail.com> wrote:
>>>> Hi,
>>>>
>>>> my application uses a form subclass everywhere for CSRF protection.
>>>> Each form needs a hidden field like this: <input type="hidden"
>>>> wicket:id="csrf-protection" />
>>>> The wicket component for that is added by the form subclass
>>>> (SecureForm) which all other forms in the application extend.
>>>>
>>>> Currently each form has to include that markup somewhere, producing a
>>>> lot of duplication.
>>>>
>>>> I'm looking for a way to get rid of that duplication. An approach I'm
>>>> currently investigating is to generate the markup, similar to how Form
>>>> genrates a hidden input it its onComponentTagBody:
>>>>
>>>> @Override
>>>> protected void onComponentTagBody(MarkupStream markupStream,
>>>> ComponentTag openTag) {
>>>> String nameAndId = get("csrf-protection").getId();
>>>> AppendingStringBuffer buffer = new AppendingStringBuffer(
>>>> "<input type=\"hidden\" name=\"").append(nameAndId).append("\" />");
>>>> getResponse().write(buffer);
>>>> super.onComponentTagBody(markupStream, openTag);
>>>> }
>>>>
>>>> That doesn't work, Wicket throws an exception of a missing reference
>>>> in markup anyway. Likely because this just writes to the response, not
>>>> extending the markup.
>>>> I also don't see any way to achieve this via MarkupStream or ComponentTag.
>>>>
>>>> Any ideas?
>>>>
>>>> Regards
>>>> Jörn Zaefferer
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>>> For additional commands, e-mail: users-h...@wicket.apache.org
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>> For additional commands, e-mail: users-h...@wicket.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>> For additional commands, e-mail: users-h...@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
