Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-6688

Add alternative RPC response to substitute the append java script in ajax response

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • None
    • None
    • None
    • None

    Description

      Some kind of RPC could be added to eliminate 'unsafe-eval' in CSP headers for faster JS execution.

      The idea is the following, instead of doing `target.appendJavaScript("doSomething()")` we could do something like this `target.appendRemoteCall("doSomething", "val1", "val2")`, the JS function could be rendered by the component/behavior as inline <script> (which can be nonced).

      https://github.com/apache/wicket/pull/378

       

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. WICKET-6682 Improve JavaScriptContentHeaderItem and JavaScriptUtils to support nonce

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. WICKET-6703 Eliminate window.eval from wicket-ajax-jquery

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #378

          Web Link GitHub Pull Request #382

          Activity

            People

              Unassigned Unassigned
              Kondratev Andrew Kondratev
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: