Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-6731

CSP: inline JS in SubmitLink

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 9.0.0-M4
    • 9.0.0-M5
    • wicket-core
    • None

    Description

      org.apache.wicket.markup.html.formSubmitLink uses inline Javascript in two places.

      The href attribute is replaced with empty JS. This will cause a CSP violation. A different solution needs to be found. Probably via a JS event handler that calls event.preventDefault().

      tag.put("href", "javascript:;");

      The trigger javascript is rendered as onclick. This needs to be an event handler.

      tag.put("onclick", getTriggerJavaScript());

      Attachments

        Issue Links

          is a child of

          Task - A task that needs to be done. WICKET-6687 Cleanup the code from attribute inline styles and attribute inline scripts

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #402

          Activity

            People

              papegaaij Emond Papegaaij
              papegaaij Emond Papegaaij
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: