Hi all.
I'm trying to improve site security. The Wicket guide mentions a few
ways to improve this:
https://ci.apache.org/projects/wicket/guide/7.x/single.html#_external_security_checks
In particular, there is this one:
    response.setHeader("Content-Security-Policy", "default-src https:");
And this disables the ability to use inline styles. This was fine with
me, so I just moved all my own styles into .css files. Problem is, on
pages with a form, Wicket is including this junk around hidden fields:
    <form id="sharingForm5" method="post" action="./24aa2e3f9f344ac792f71009e2093aa9?-1.IFormSubmitListener-sharingForm">
      <div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden">
        <input type="hidden" name="sharingForm5_hf_0" id="sharingForm5_hf_0" />
      </div>
      <p>
        <input type="submit" name="sharingButton" id="sharingButton6" value="Disable Sharing"/>
      </p>
    </form>
Is there a way to disable this? It seems a bit pointless to specify
visibility of a hidden field anyway.
TX
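
An added example, not part of the original message or of Wicket: a Python check that applies the CSP fallback rules to the header quoted above and reports which style attributes in rendered markup a browser would refuse to apply. The function names are hypothetical, the sample markup is abridged from the post, and 'unsafe-hashes' matching is not modelled.

```python
from html.parser import HTMLParser

def parse_csp(header):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers ignore a directive that repeats an earlier name.
            policy.setdefault(tokens[0].lower(), [s.lower() for s in tokens[1:]])
    return policy

def inline_style_attrs_allowed(header):
    """True if style="..." attributes are applied under this policy."""
    policy = parse_csp(header)
    # CSP3 fallback chain for style attributes.
    for name in ("style-src-attr", "style-src", "default-src"):
        if name in policy:
            sources = policy[name]
            break
    else:
        return True  # no governing directive, nothing is restricted
    # A nonce or hash source makes browsers ignore 'unsafe-inline'.
    if any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources):
        return False
    return "'unsafe-inline'" in sources

class _StyleFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        if any(name == "style" for name, _ in attrs):
            self.hits.append((self.getpos()[0], tag))

def blocked_inline_styles(header, markup):
    """Return (line, tag) for each style attribute the policy would block."""
    if inline_style_attrs_allowed(header):
        return []
    finder = _StyleFinder()
    finder.feed(markup)
    finder.close()
    return finder.hits

# Abridged from the markup in the post (action attribute omitted).
MARKUP = """<form id="sharingForm5" method="post">
<div style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden">
<input type="hidden" name="sharingForm5_hf_0" id="sharingForm5_hf_0" />
</div>
</form>"""

if __name__ == "__main__":
    print(blocked_inline_styles("default-src https:", MARKUP))
```

Running such a check over rendered pages in a test suite shows every framework-generated inline style before the policy is enforced in production.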