solomax commented on a change in pull request #376: WICKET-6682 add CSP nonce
support: DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#discussion_r303282781
##########
File path:
wicket-core/src/main/java/org/apache/wicket/core/util/string/JavaScriptUtils.java
##########
@@ -148,32 +151,53 @@ public static void writeJavaScriptUrl(final Response
response, final CharSequenc
* a non null value specifies the charset attribute of the
script tag
* @param async
* specifies that the script can be loaded asynchronously by
the browser
+ * @deprecated please use {@link #writeJavaScriptUrl(Response,
IValueMap)} instead
*/
+ @Deprecated
public static void writeJavaScriptUrl(final Response response, final
CharSequence url,
final String id, boolean defer, String charset, boolean async)
{
- response.write("<script type=\"text/javascript\" ");
+ response.write("<script ");
+ AttributeMap attributes = new AttributeMap();
+ // XXX JS mimetype can be omitted (also see below)
+ attributes.add(HeaderItemAttribute.TYPE, "text/javascript");
+ attributes.add(HeaderItemAttribute.SCRIPT_SRC, url.toString());
if (id != null)
{
- response.write("id=\"" + Strings.escapeMarkup(id) + "\"
");
+ attributes.add(HeaderItemAttribute.ID,
String.valueOf(Strings.escapeMarkup(id)));
}
if (defer)
{
- response.write("defer=\"defer\" ");
+ attributes.add(HeaderItemAttribute.SCRIPT_DEFER,
"defer");
}
-
if (async)
{
- response.write("async=\"async\" ");
+ attributes.add(HeaderItemAttribute.SCRIPT_ASYNC,
"async");
}
-
if (charset != null)
{
- response.write("charset=\"" +
Strings.escapeMarkup(charset) + "\" ");
+ // FIXME charset attr is deprecated
+ //
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script#Deprecated_attributes
+ attributes.add("charset",
Strings.escapeMarkup(charset).toString());
}
- response.write("src=\"");
- response.write(url);
- response.write("\"></script>");
+ response.write(attributes.toString());
+ response.write("></script>");
+ response.write("\n");
+ }
+
+ /**
+ * Write a reference to a javascript file to the response object
+ *
+ * @param response
+ * The HTTP response
+ * @param attributes
+ * Extra tag attributes
+ */
+ public static void writeJavaScriptUrl(final Response response,
IValueMap attributes)
Review comment:
`writeJavaScriptAttributes` or `writeJavaScriptTagAttributes`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
