andruhon commented on issue #376: WICKET-6682 add CSP nonce support: 
DecoratingHeaderResponse approach
URL: https://github.com/apache/wicket/pull/376#issuecomment-511976815
 
 
   I'm not sure that what I did with URL encoding is correct. Essentially all 
attributes have slightly different rules. 
   Most attributes may contain anything except the quote matching the opening 
quote; the ID attribute can contain anything except spaces and blank lines.
   
   I think the ValueMap#toString should only take care of quotes when rendering 
and escape them as appropriate. All other special escaping should be done by 
the developer in the header items, when added by a developer.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
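
The rendering rule discussed in the comment above, sketched as an added example (not code from the pull request or from Wicket): the renderer escapes only the characters that can end or corrupt a double-quoted attribute value and leaves all other encoding to whoever supplied the value. The class and method names are hypothetical, the attribute values are constructed samples, and escaping `&` alongside the quote is an assumption of this sketch.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration. AttributeRenderer and its methods are hypothetical names,
// not Wicket's ValueMap or any other Wicket API.
public class AttributeRenderer {

    // Escape only what can terminate or corrupt a double-quoted attribute value.
    // '&' is replaced first so the entity emitted for '"' is not escaped again
    // (assumption of this sketch: needed so a literal "&quot;" survives a round trip).
    static String escapeQuoted(String value) {
        return value.replace("&", "&amp;").replace("\"", "&quot;");
    }

    // Render name="value" pairs, always using the double quote as the delimiter,
    // so the double quote is the only quote character that must be escaped.
    static String render(Map<String, String> attributes) {
        StringBuilder out = new StringBuilder();
        for (Map.Entry<String, String> e : attributes.entrySet()) {
            out.append(' ').append(e.getKey())
               .append("=\"").append(escapeQuoted(e.getValue())).append('"');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        Map<String, String> attrs = new LinkedHashMap<>();
        attrs.put("type", "text/javascript");
        attrs.put("src", "app.js?a=1&b=2");                // constructed sample value
        attrs.put("nonce", "PLACEHOLDER-NONCE");           // constructed placeholder
        attrs.put("data-label", "say \"hi\" onload=\"x");  // contains the delimiter

        // The quotes inside data-label are rendered as &quot;, so the value cannot
        // close the attribute early and introduce a new attribute.
        System.out.println("<script" + render(attrs) + "></script>");
    }
}
```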
