andruhon commented on issue #378: WICKET-6688 add RFC support (to avoid unsafe eval)
URL: https://github.com/apache/wicket/pull/378#issuecomment-524172283

Hi @svenmeier! Now I see what you mean.

```Java
final Label c1 = new Label("c1", LambdaModel.of(this::getCounter1)) {
    @Override
    public void renderHead(IHeaderResponse response) {
        super.renderHead(response);
        response.render(OnDomReadyHeaderItem.forScript("console.log('c1 rendered')"));
    }
};
```

The code above will add

```JavaScript
<evaluate>
(function(){console.log('c1 rendered')})();
</evaluate>
```

to every response when `target.add(c1)` is called.

This could be worked around if the JS is registered in advance with some name resolved from the component name; however, something like this:

```Java
final Label c1 = new Label("c1", LambdaModel.of(this::getCounter1)) {
    @Override
    public void renderHead(IHeaderResponse response) {
        super.renderHead(response);
        if (Math.random() > 0.5) {
            response.render(OnDomReadyHeaderItem.forScript("console.log('c1 rendered more')"));
        } else {
            response.render(OnDomReadyHeaderItem.forScript("console.log('c1 rendered less')"));
        }
    }
};
```

is not going to work. In this case both possible actions should be registered in advance.

What do you think?
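The "register in advance" workaround discussed in the comment above, sketched as an added example that is not part of the comment and is not Wicket's or the pull request's code. The names `registerAction`, `processResponse` and the `invoke` response shape are hypothetical; the point is that the response carries only names and data, so nothing is passed to `eval`, and both branches of the second `renderHead` example have to be registered up front.

```javascript
// Added illustration, not Wicket code: a client-side registry of named
// functions that an Ajax response references by name instead of shipping
// script source for eval(). All identifiers here are hypothetical.
const registry = new Map();

// Called at page load from a static script file that the CSP allows.
function registerAction(name, fn) {
  if (typeof fn !== 'function') throw new TypeError('action must be a function');
  if (registry.has(name)) throw new Error(`action already registered: ${name}`);
  registry.set(name, fn);
}

// Processes the "invoke" entries of a response; each entry is {name, args},
// i.e. pure data. Unknown names are rejected rather than evaluated, so the
// server can only choose among actions the page registered in advance.
function processResponse(response) {
  const results = [];
  for (const { name, args = [] } of response.invoke) {
    const fn = registry.get(name);
    if (!fn) {
      results.push({ name, ok: false, error: 'not registered' });
      continue;
    }
    results.push({ name, ok: true, value: fn(...args) });
  }
  return results;
}

// Both branches of the second renderHead example must exist up front.
const log = [];
registerAction('c1.renderedMore', () => log.push('c1 rendered more'));
registerAction('c1.renderedLess', () => log.push('c1 rendered less'));

// Constructed sample responses: the server picks a branch by name only.
const sample = { invoke: [{ name: 'c1.renderedLess' }] };
// An entry whose "name" is script text is treated as an unknown name, not run.
const rogue = { invoke: [{ name: "console.log('injected')" }] };
```
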
