Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-6682

Improve JavaScriptContentHeaderItem and JavaScriptUtils to support nonce

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 8.5.0, 9.0.0-M2
    • 9.0.0-M4
    • wicket

    Description

      One of easy wins for content security policy would be a support of nonce for inline JavaScript header injections.

      https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#Unsafe_inline_script

      Criteria

      • Set up some kind of request unique nonce provider
      • Make it possible for JavaScript header items to have provided nonce
      • Add provided nonce to the `Content-Security-Policy: script-src` header

      See in code:
      org.apache.wicket.core.util.string.JavaScriptUtils#writeOpenTag
      org.apache.wicket.markup.head.JavaScriptContentHeaderItem#render

      Attachments

        Issue Links

          is a child of

          Improvement - An improvement or enhancement to an existing feature or task. WICKET-5406 Better Content Security Policy Support

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is depended upon by

          Improvement - An improvement or enhancement to an existing feature or task. WICKET-6703 Eliminate window.eval from wicket-ajax-jquery

          • Major - Major loss of function.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. WICKET-6686 Clean up header items infrastructure (conditionals)

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. WICKET-6688 Add alternative RPC response to substitute the append java script in ajax response

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. WICKET-6321 Support Integrity and Crossorigin attributes for JavaScriptUrlReferenceHeaderItem

          • Major - Major loss of function.
          • Resolved

          Task - A task that needs to be done. WICKET-6687 Cleanup the code from attribute inline styles and attribute inline scripts

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #374

          Web Link GitHub Pull Request #376

          Activity

            People

              svenmeier Sven Meier
              Kondratev Andrew Kondratev
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: