Re: Ajax - component not rendered.

2022-11-07 Thread Laurent Duparchy 

Hi,

I got rid of this javascript error, that was due to incorrect design, I think.

devicesGroup is a CheckGroup


devicesGroup = new CheckGroup("devicesGroup", new ArrayList()) {
                @Override
                public boolean isVisible() {
                    super.isVisible();
                   .
                };
            };



but it contained also what seems to be a useless CheckGroupSelector.


// devicesGroup.add(new CheckGroupSelector("devicesGroupSelector"));


So, the javascript error is gone but the Ajax rendering is still flawed.

When I add both feedbackpanel and devicesGroup, nothing is rendered the Ajax 
response is as follow



id5 being the feedbackpanel (which is empty in the response)
id7 being the devicesGroup which still contains the deleted line.

All in all, this response does not take into account the added component for repainting. I added 
them to the Ajax "target" but perhaps I need to add them to a "parent" ?

I recall that if I add only the feedbackpanel for Ajax rendering, it is well 
painted.

generated markup :


WakeOnLan Utility Utility to start / wake up a computerSign Out









*Laurent Duparchy
ESRF - The European Synchrotron
MIS Unit
04 76 88 22 56*
Martin Grigorov wrote on 07/11/2022 20:57:

Hi Laurent,

The problem is the JavaScript error: Uncaught TypeError: b is null.

It seems there is some bug in
"Wicket.CheckboxSelector.updateSelectorState(c,e)},initializeSelector:function(c,d){var
b=document.getElementById(c); ..."

Due to this JS error Wicket cannot replace neither the feedback panel nor
any other component.

You should focus on debugging the JavaScript. If you don't know how to do
it then please create a quickstart app that reproduces the problem and
share it with us.


On Mon, Nov 7, 2022 at 6:37 PM Laurent Duparchy  wrote:


If I add the entire page (which is defeating the entire "Ajax" idea I
think.), it works. The new list is painted
  > target.get().add(getPage());

If I add only the feedback panel, it is is painted.
  > target.get().add(feedbackPanel);

If I add both, the feedbackpanel is not painted... Go figure.

I probably don't understand what a "target" is and I'm giving up that.
Sorry for being an annoyance.


*Laurent Duparchy
ESRF - The European Synchrotron
MIS Unit
04 76 88 22 56*
Laurent Duparchy wrote on 03/11/2022 10:11:

Yes I corrected that HTML too. (which was auto-corrected by browsers I

think, at least by Firefox).

I looked for errors in Firefox debugger.  The console reports a warning

then an error in a generated js :

Warning :

jQuery.Deferred exception: b is null updateSelectorState@

https://xx/misapps/wakeOnLan/wicket/resource/org.apache.wicket.markup.html.form.AbstractCheckSelector/CheckSelector-ver-1CE61F040D59ED57EADC3FBB51E1E02C.js:1:392
attachUpdateHandlers@
https://xx.esrf.fr/misapps/wakeOnLan/wicket/resource/org.apache.wicket.markup.html.form.AbstractCheckSelector/CheckSelector-ver-1CE61F040D59ED57EADC3FBB51E1E02C.js:1:598

Error :


Uncaught TypeError: b is null

  in



(function(a){if(typeof(Wicket.CheckboxSelector)==="object"){return}Wicket.CheckboxSelector={updateAllCheckboxes:function(f,e){var
d=e();for(var b=0;b0;for(var
d=0;d
d}},getCheckboxesFunction:function(b){return function(){var

c=[];for(var e=0;e

*Laurent Duparchy
ESRF - The European Synchrotron
MIS Unit
04 76 88 22 56*
Sven Meier wrote on 03/11/2022 09:38:

That HTML doesn't look valid to me:

Your THs belong inside a TR, and while you're at it move that one into

a THEAD.

https://www.w3schools.com/tags/tag_th.asp

Maybe this is just a problem with replacing the HTML in the browser,

this is why I adviced you to check the response of the Ajax request in the
Browser network tab.

Sven


On 03.11.22 08:11, Laurent Duparchy wrote:

You need more than that ?







  
  
  
  
  
  
   
...
  

*Laurent Duparchy
ESRF - The European Synchrotron
MIS Unit
04 76 88 22 56*
Sven Meier wrote on 02/11/2022 17:38:

Show us the relevant markup please.

Sven


On 02.11.22 15:13, Laurent Duparchy wrote:

Hi,

Yes, *devicesGroup *is initially visible. Everything seems fine in

terms of Ajax request/response.

When I add only the *feedbackpanel*, it is correctly added and

painted with the correct feedback message

When I add *devicesGroup*, nothing is repainted, including the

*feedbackpanel*.

I tried to add only the *userDevicesListView *for repaint, but there

is an error saying that it's not possible to add a repeater and to add its
parent... which is devicesGroup.

There's probably a flaw in the devicesGroup design. Basically it

contains a list of items w/ two possible ajax action : "check" and "delete".

"Check" will only gives a result in the feedback panel and is

working fine.

"Delete" will, you guessed, delete the item and repaint the list.

The item is truly d

Re: Blind XPath Injection Solution

2022-11-07 Thread Martin Terra 
TL;DR In general wicket app should do server side validation and if client
submits a valid query then it might not be a problem, or you need to add
validation.

Does this ring a bell?

**
Martin

ti 8. marrask. 2022 klo 6.03 Jonathan P. Babie (jba...@osc.ny.gov.invalid)
kirjoitti:

> Hello,
>
> Our Wicket web application went through an app scan.  We understand most
> problems that came back from the report and have solutions, but one that's
> troubling us is:
>
> Blind XPath Injection
> Severity: Medium
> CVSS Score: 6.4
> Entity: regionFormGroup:regionFormGroup_body:regionTextField (Parameter)
> Risk: It is possible to access information stored in a sensitive data
> resource
> Cause: Sanitation of hazardous characters was not performed correctly on
> user input
> Fix: Review possible solutions for hazardous character injection
> Difference:
> Parameter regionFormGroup:regionFormGroup_body:regionTextField manipulated
> from: b to: b%27+and+l​ast%28%29%3Dlast%28%29+or+%27
> Parameter regionFormGroup:regionFormGroup_body:regionTextField manipulated
> from: b to: b%27+and+not%28last%28%29%29%3Dlast%28%29+or%27
> Parameter regionFormGroup:regionFormGroup_body:regionTextField manipulated
> from: b to: b%27+and+position%28%29%3Dposition%28%29+or+%27
> Reasoning: The test result seems to indicate a vulnerability because it
> shows that values can be appended to parameter values, indicating that they
> were embedded in an Xpath query. In this test, four (or sometimes five)
> requests are sent. One of the last two should be logically equal to the
> original, and the request before that is different, and should yield empty
> result or error. Any others are for control purposes. A comparison between
> the responses of the equivalent requests, and those that are not equivalent
> with the first (the equivalent options are similar to it, and the erroneous
> one is different) indicates that the application is vulnerable.
>
> Test Requests and Responses:
> POST
> /lgmm/1EFGhfMAxecfRmNOJXeaL4DEM0H-EW58EQqlsCvFg2CrIQQFX7A73Gb1jkQR1RVAgGv-Ar-xgDmvL9rYCjIxJyUCSoIcSK57hbnGyvGyXBMLG_P37gUxG-gvskBCrGmZDb7eWl9v5shigfUuZPG54Nckxrw3uEsF01z1jdgTzDjsiYMQe_Wp04lViFNHIjn9LpPw9tg8gq5DRvPE2MTYlx82jMU_2xmlJJMYGoOTwwKnJRA94d_aqyTlatMrDzSr/1EFf1/rGm57
> HTTP/1.1
> Host: example.domain.com
> Connection: keep-alive
> sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106",
> "Not;A=Brand";v="99"
> sec-ch-ua-mobile: ?0
> Wicket-FocusedElementId: id87
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
> Accept: application/xml, text/xml, */*; q=0.01
> Wicket-Ajax-BaseURL:
> 1EFGhfMAxecfRmNOJXeaL4DEM0H-EW58EQqlsCvFg2CrIQQFX7A73Gb1jkQR1RVAgGv-Ar-xgDmvL9rYCjIxJyUCSoIcSK57hbnGyvGyXBMLG_P37gUxG-gvskBCrGmZmajvnhPJ2o8/1EFf1/-gvdb
> X-Requested-With: XMLHttpRequest
> Wicket-Ajax: true
> sec-ch-ua-platform: "Windows"
> Origin: https://example.domain.com
> Sec-Fetch-Site: same-origin
> Sec-Fetch-Mode: cors
> Sec-Fetch-Dest: empty
> Referer:
> https://example.domain.com/lgmm/1EFGhfMAxecfRmNOJXeaL4DEM0H-EW58EQqlsCvFg2CrIQQFX7A73Gb1jkQR1RVAgGv-Ar-xgDmvL9rYCjIxJyUCSoIcSK57hbnGyvGyXBMLG_P37gUxG-gvskBCrGmZmajvnhPJ2o8/1EFf1/-gvdb
> Accept-Language
> :
> en-US
> Content-Length: 58
>
> regionFormGroup%3AregionFormGroup_body%3AregionTextField=b
>
> HTTP/1.1 200 OK
> Date: Fri, 28 Oct 2022 01:26:27 GMT
> X-Powered-By: Servlet/3.1
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Pragma: no-cache
> Cache-Control: no-cache, no-store
> Ajax-Location:
> ../../1EFGhfMAxecfRmNOJXeaL4DEM0H-EW58EQqlsCvFg2CrIQQFX7A73Gb1jkQR1RVAgGv-Ar-xgDmvL9rYCjIxJyUCSoIcSK57hbnGyvGyXBMLG_P37gUxG-gvskBCrGmZGxUSqIGs5Tb2rcQ5fnAdfw/1EFf1/rYC7b
> Keep-Alive: timeout=5, max=94
> Connection: Keep-Alive
> Transfer-Encoding: chunked
> Content-Type: text/xml;charset=UTF-8
> Content-Language: en-US
> X-Frame-Options: SAMEORIGIN
> Strict-Transport-Security: max-age=31536000; preload
> 
>
>  
>  ...
> ...
> ...
> Content-Length: 96
>
>
> regionFormGroup%3AregionFormGroup_body%3AregionTextField=b%27+and+last%28%29%3Dlast%28%29+or+%27
>
> HTTP/1.1 200 OK
> Date: Fri, 28 Oct 2022 01:26:27 GMT
> X-Powered-By: Servlet/3.1
> ...
> ...
> ...
> Content-Length: 104
>
>
> regionFormGroup%3AregionFormGroup_body%3AregionTextField=b%27+and+not%28last%28%29%29%3Dlast%28%29+or%27
>
> HTTP/1.1 200 OK
> Date: Fri, 28 Oct 2022 01:26:27 GMT
> X-Powered-By: Servlet/3.1
> ...
> ...
> ...
> Content-Length: 104
>
>
> regionFormGroup%3AregionFormGroup_body%3AregionTextField=b%27+and+position%28%29%3Dposition%28%29+or+%27
>
> HTTP/1.1 200 OK
> Date: Fri, 28 Oct 2022 01:26:27 GMT
> X-Powered-By: Servlet/3.1
>
>
> We're having a hard time understanding what's even happening here or if
> it's a threat

Blind XPath Injection Solution

2022-11-07 Thread Jonathan P. Babie 
Hello,

Our Wicket web application went through an app scan.  We understand most 
problems that came back from the report and have solutions, but one that's 
troubling us is:

Blind XPath Injection
Severity: Medium
CVSS Score: 6.4
Entity: regionFormGroup:regionFormGroup_body:regionTextField (Parameter)
Risk: It is possible to access information stored in a sensitive data resource
Cause: Sanitation of hazardous characters was not performed correctly on user 
input
Fix: Review possible solutions for hazardous character injection
Difference:
Parameter regionFormGroup:regionFormGroup_body:regionTextField manipulated 
from: b to: b%27+and+l​ast%28%29%3Dlast%28%29+or+%27
Parameter regionFormGroup:regionFormGroup_body:regionTextField manipulated 
from: b to: b%27+and+not%28last%28%29%29%3Dlast%28%29+or%27
Parameter regionFormGroup:regionFormGroup_body:regionTextField manipulated 
from: b to: b%27+and+position%28%29%3Dposition%28%29+or+%27
Reasoning: The test result seems to indicate a vulnerability because it shows 
that values can be appended to parameter values, indicating that they were 
embedded in an Xpath query. In this test, four (or sometimes five) requests are 
sent. One of the last two should be logically equal to the original, and the 
request before that is different, and should yield empty result or error. Any 
others are for control purposes. A comparison between the responses of the 
equivalent requests, and those that are not equivalent with the first (the 
equivalent options are similar to it, and the erroneous one is different) 
indicates that the application is vulnerable.

Test Requests and Responses:
POST 
/lgmm/1EFGhfMAxecfRmNOJXeaL4DEM0H-EW58EQqlsCvFg2CrIQQFX7A73Gb1jkQR1RVAgGv-Ar-xgDmvL9rYCjIxJyUCSoIcSK57hbnGyvGyXBMLG_P37gUxG-gvskBCrGmZDb7eWl9v5shigfUuZPG54Nckxrw3uEsF01z1jdgTzDjsiYMQe_Wp04lViFNHIjn9LpPw9tg8gq5DRvPE2MTYlx82jMU_2xmlJJMYGoOTwwKnJRA94d_aqyTlatMrDzSr/1EFf1/rGm57
 HTTP/1.1
Host: example.domain.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
Wicket-FocusedElementId: id87
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: application/xml, text/xml, */*; q=0.01
Wicket-Ajax-BaseURL: 
1EFGhfMAxecfRmNOJXeaL4DEM0H-EW58EQqlsCvFg2CrIQQFX7A73Gb1jkQR1RVAgGv-Ar-xgDmvL9rYCjIxJyUCSoIcSK57hbnGyvGyXBMLG_P37gUxG-gvskBCrGmZmajvnhPJ2o8/1EFf1/-gvdb
X-Requested-With: XMLHttpRequest
Wicket-Ajax: true
sec-ch-ua-platform: "Windows"
Origin: https://example.domain.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: 
https://example.domain.com/lgmm/1EFGhfMAxecfRmNOJXeaL4DEM0H-EW58EQqlsCvFg2CrIQQFX7A73Gb1jkQR1RVAgGv-Ar-xgDmvL9rYCjIxJyUCSoIcSK57hbnGyvGyXBMLG_P37gUxG-gvskBCrGmZmajvnhPJ2o8/1EFf1/-gvdb
Accept-Language: en-US
Content-Length: 58

regionFormGroup%3AregionFormGroup_body%3AregionTextField=b

HTTP/1.1 200 OK
Date: Fri, 28 Oct 2022 01:26:27 GMT
X-Powered-By: Servlet/3.1
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store
Ajax-Location: 
../../1EFGhfMAxecfRmNOJXeaL4DEM0H-EW58EQqlsCvFg2CrIQQFX7A73Gb1jkQR1RVAgGv-Ar-xgDmvL9rYCjIxJyUCSoIcSK57hbnGyvGyXBMLG_P37gUxG-gvskBCrGmZGxUSqIGs5Tb2rcQ5fnAdfw/1EFf1/rYC7b
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/xml;charset=UTF-8
Content-Language: en-US
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; preload

Re: Host Header Injection Solution

2022-11-07 Thread Jonathan P. Babie 
I apologize, it looks like the screenshot I provided didn't come through, here 
are the details describing the problem:

Host Header Injection
Severity: Low
CVSS Score: 5.0
URL: https://example.domain.com/lgmm
Entity: lgmm (Page)
Risk: It is possible to persuade a naive user to supply sensitive information 
such as username, password, credit card number, social security number etc.
It is possible to deface the site content through web-cache poisoning Cause: 
Lack of input validation and sanitization Fix: Construct HTTP headers very 
carefully, avoiding the use of non-validated/unsanitized input data Difference: 
Header Host manipulated from: https://example.domain.com/lgmm to: 
appscanheaderinjection.com
Reasoning: The value AppScan injected seems to be included in the response.

Test Requests and Responses:
GET /lgmm HTTP/1.1
Host: appscanheaderinjection.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: 
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://example.domain.com/lgmm
Accept-Language: en-US
Cookie: _ga=GA1.3.1391786996.1665688780; _gid=GA1.3.367705640.123649; 
WASJSESSIONID=A4ALFyhmv7lv15hiAc5MRjO:1clm7f9nj; _gat=1;
LtpaToken2=4cbGpnckNcEuOVjnLrtO77dS96v5jomlaNb0QiVW9K9Elp4dZUMwJ9l3ZdUxee6J5WnM1IJX+qfnqBA4Fw6vz753dxnxDb2uvdfb/utmXpiT8O0zVFS4rPCPviz3+NzaeEHYigRKdrCJcgFS8b7IFpklrPbq4byZUS9+Fojo7lqCoWuTzS4YCleCWrH1417WL83blA/CIcJQx9qRJ4PtPN/hK5gJuXY1IN6uRNvKbDKLtpEftuHEu4ldcDP9DrGBfLJS8CZ+Y3WIWxfyG78awGj7pM2c76rqkUxd/jYfFJJA4ja0M4tOh6tkOPqimE1wvSzirmFMcEEDP+Dd9yYfUp2j+ZE1wXysfWZbF9nUotTXqFl28ICw6FurFHSvVgV8nmliIp7LJt7PFG4HPp1Rdk3W5vR921uP3GjMAfkfwpwhzkqV5o8cZCBvJ3th6iTA9ClrZ/VCauBQi9MMmlENrJpkejh+jyQaE8HpuH1AvCBa6hOOyKoaumQpNncQqGQ7DcNHa47seKXzpXJeEJ66nNHmLuSWP1Cpap07p0FUGTFLK68Qp4BoqeoZJQke3BrzwHV9kAXhDEuDxigHJdz/iG9kLExE38SQfljvm0qAGGyzRH4LNpokc+JKVii/bCyI1mCzq+1bEXUMjt7KiXHCgH4v7AdL0Sdajkc9KQb5RLo=

HTTP/1.1 302 Found
Date: Fri, 28 Oct 2022 01:06:10 GMT
X-Powered-By: Servlet/3.1
Location: https://appscanheaderinjection.com/lgmm/
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en-US
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; preload


Jonathan Babie

Java Applications Developer

Work: (838) 910-4274


From: Jonathan P. Babie
Sent: Monday, November 7, 2022 9:38 PM
To: users@wicket.apache.org 
Subject: Host Header Injection Solution

Hello,

Our Wicket web application went through an app scan.  We understand most 
problems that came back from the report and have solutions, but one that's 
troubling us is:

[cid:f744744c-2d7a-4cd8-9179-ef02d9dc6ea4]
I've omitted our URLs, but essentially it seems they were able to manipulate 
the hostname to a different url.

Unfortunately we weren't given much context aside from this report.

We assume that there are three avenues for us to resolve this:

  1.  Wicket configuration
  2.  Server configuration
  3.  Non-issue (if this problem is addressed with the framework itself and we 
don't need to worry about it)

We did come across this filter that might be a solution:

getRequestCycleListeners().add(new 
CsrfPreventionRequestCycleListener().addAcceptedOrigin("[domain]"));

Would adding this to our application resolve the above problem?

If there's any information you could provide as to how we can address it, we 
would greatly appreciate it.

Thank you,


Jonathan Babie

Java Applications Developer

Work: (838) 910-4274

Personal: (518) 331-8758

Notice: This communication, including any attachments, is intended solely for 
the use of the individual or entity to which it is addressed. This 
communication may contain information that is protected from disclosure under 
State and/or Federal law. Please notify the sender immediately if you have 
received this communication in error and delete this email from your system. If 
you are not the intended recipient, you are requested not to disclose, copy, 
distribute or take any action in reliance on the contents of this information.

Host Header Injection Solution

2022-11-07 Thread Jonathan P. Babie 
Hello,

Our Wicket web application went through an app scan.  We understand most 
problems that came back from the report and have solutions, but one that's 
troubling us is:

[cid:f744744c-2d7a-4cd8-9179-ef02d9dc6ea4]
I've omitted our URLs, but essentially it seems they were able to manipulate 
the hostname to a different url.

Unfortunately we weren't given much context aside from this report.

We assume that there are three avenues for us to resolve this:

  1.  Wicket configuration
  2.  Server configuration
  3.  Non-issue (if this problem is addressed with the framework itself and we 
don't need to worry about it)

We did come across this filter that might be a solution:

getRequestCycleListeners().add(new 
CsrfPreventionRequestCycleListener().addAcceptedOrigin("[domain]"));

Would adding this to our application resolve the above problem?

If there's any information you could provide as to how we can address it, we 
would greatly appreciate it.

Thank you,


Jonathan Babie

Java Applications Developer

Work: (838) 910-4274

Personal: (518) 331-8758

Notice: This communication, including any attachments, is intended solely for 
the use of the individual or entity to which it is addressed. This 
communication may contain information that is protected from disclosure under 
State and/or Federal law. Please notify the sender immediately if you have 
received this communication in error and delete this email from your system. If 
you are not the intended recipient, you are requested not to disclose, copy, 
distribute or take any action in reliance on the contents of this information.

Re: Ajax - component not rendered.

2022-11-07 Thread Martin Grigorov 
Hi Laurent,

The problem is the JavaScript error: Uncaught TypeError: b is null.

It seems there is some bug in
"Wicket.CheckboxSelector.updateSelectorState(c,e)},initializeSelector:function(c,d){var
b=document.getElementById(c); ..."

Due to this JS error Wicket cannot replace neither the feedback panel nor
any other component.

You should focus on debugging the JavaScript. If you don't know how to do
it then please create a quickstart app that reproduces the problem and
share it with us.


On Mon, Nov 7, 2022 at 6:37 PM Laurent Duparchy  wrote:

> If I add the entire page (which is defeating the entire "Ajax" idea I
> think.), it works. The new list is painted
>  > target.get().add(getPage());
>
> If I add only the feedback panel, it is is painted.
>  > target.get().add(feedbackPanel);
>
> If I add both, the feedbackpanel is not painted... Go figure.
>
> I probably don't understand what a "target" is and I'm giving up that.
> Sorry for being an annoyance.
>
>
> *Laurent Duparchy
> ESRF - The European Synchrotron
> MIS Unit
> 04 76 88 22 56*
> Laurent Duparchy wrote on 03/11/2022 10:11:
> > Yes I corrected that HTML too. (which was auto-corrected by browsers I
> think, at least by Firefox).
> >
> > I looked for errors in Firefox debugger.  The console reports a warning
> then an error in a generated js :
> >
> > Warning :
> >> jQuery.Deferred exception: b is null updateSelectorState@
> https://xx/misapps/wakeOnLan/wicket/resource/org.apache.wicket.markup.html.form.AbstractCheckSelector/CheckSelector-ver-1CE61F040D59ED57EADC3FBB51E1E02C.js:1:392
> attachUpdateHandlers@
> https://xx.esrf.fr/misapps/wakeOnLan/wicket/resource/org.apache.wicket.markup.html.form.AbstractCheckSelector/CheckSelector-ver-1CE61F040D59ED57EADC3FBB51E1E02C.js:1:598
> >
> > Error :
> >
> >> Uncaught TypeError: b is null
> >>
> >>  in
> >>
> >>
> (function(a){if(typeof(Wicket.CheckboxSelector)==="object"){return}Wicket.CheckboxSelector={updateAllCheckboxes:function(f,e){var
> d=e();for(var b=0;b c=d[b];if(c.checked!==f){c.click()}}},updateSelectorState:function(e,g){var
> f=g(),c=f.length>0;for(var
> d=0;d b=document.getElementById(e);b.checked=c},attachUpdateHandlers:function(c,e){var
> d=e(),f=function(){Wicket.CheckboxSelector.updateSelectorState(c,e)};for(var
> b=0;b b=document.getElementById(c);Wicket.Event.add(b,"click",function(){Wicket.CheckboxSelector.updateAllCheckboxes(b.checked,d)})},findCheckboxesFunction:function(c,b){return
> function(){var d=[];var
> g=document.getElementById(c).getElementsByTagName("input");for(var
> e=0;e >> d}},getCheckboxesFunction:function(b){return function(){var
> c=[];for(var e=0;e d=document.getElementById(b[e]);if(d){c.push(d)}}return c)();
> >
> >
> >
> >
> > *Laurent Duparchy
> > ESRF - The European Synchrotron
> > MIS Unit
> > 04 76 88 22 56*
> > Sven Meier wrote on 03/11/2022 09:38:
> >> That HTML doesn't look valid to me:
> >>
> >> Your THs belong inside a TR, and while you're at it move that one into
> a THEAD.
> >>
> >> https://www.w3schools.com/tags/tag_th.asp
> >>
> >> Maybe this is just a problem with replacing the HTML in the browser,
> this is why I adviced you to check the response of the Ajax request in the
> Browser network tab.
> >>
> >> Sven
> >>
> >>
> >> On 03.11.22 08:11, Laurent Duparchy wrote:
> >>> You need more than that ?
> >>>
>  
> 
> 
> 
> 
>   
>   
>   
>   
>   
>   
>    
>  ...
>   
> >>>
> >>>
> >>>
> >>> *Laurent Duparchy
> >>> ESRF - The European Synchrotron
> >>> MIS Unit
> >>> 04 76 88 22 56*
> >>> Sven Meier wrote on 02/11/2022 17:38:
>  Show us the relevant markup please.
> 
>  Sven
> 
> 
>  On 02.11.22 15:13, Laurent Duparchy wrote:
> > Hi,
> >
> > Yes, *devicesGroup *is initially visible. Everything seems fine in
> terms of Ajax request/response.
> >
> > When I add only the *feedbackpanel*, it is correctly added and
> painted with the correct feedback message
> > When I add *devicesGroup*, nothing is repainted, including the
> *feedbackpanel*.
> >
> > I tried to add only the *userDevicesListView *for repaint, but there
> is an error saying that it's not possible to add a repeater and to add its
> parent... which is devicesGroup.
> >
> > There's probably a flaw in the devicesGroup design. Basically it
> contains a list of items w/ two possible ajax action : "check" and "delete".
> >
> > "Check" will only gives a result in the feedback panel and is
> working fine.
> > "Delete" will, you guessed, delete the item and repaint the list.
> The item is truly deleted, in the database and /userDevices /list is
> reloaded.
> >
> >
> > it is designed as follow (worked fined w/ Wicket 1.4)
> > /
> > private class UserDevicesLoadableDetacha

Re: Ajax - component not rendered.

2022-11-07 Thread Laurent Duparchy 

If I add the entire page (which is defeating the entire "Ajax" idea I 
think.), it works. The new list is painted
> target.get().add(getPage());

If I add only the feedback panel, it is is painted.
> target.get().add(feedbackPanel);

If I add both, the feedbackpanel is not painted... Go figure.

I probably don't understand what a "target" is and I'm giving up that.
Sorry for being an annoyance.


*Laurent Duparchy
ESRF - The European Synchrotron
MIS Unit
04 76 88 22 56*
Laurent Duparchy wrote on 03/11/2022 10:11:

Yes I corrected that HTML too. (which was auto-corrected by browsers I think, 
at least by Firefox).

I looked for errors in Firefox debugger.  The console reports a warning then an 
error in a generated js :

Warning :

jQuery.Deferred exception: b is null 
updateSelectorState@https://xx/misapps/wakeOnLan/wicket/resource/org.apache.wicket.markup.html.form.AbstractCheckSelector/CheckSelector-ver-1CE61F040D59ED57EADC3FBB51E1E02C.js:1:392
 
attachUpdateHandlers@https://xx.esrf.fr/misapps/wakeOnLan/wicket/resource/org.apache.wicket.markup.html.form.AbstractCheckSelector/CheckSelector-ver-1CE61F040D59ED57EADC3FBB51E1E02C.js:1:598


Error :


Uncaught TypeError: b is null

 in

(function(a){if(typeof(Wicket.CheckboxSelector)==="object"){return}Wicket.CheckboxSelector={updateAllCheckboxes:function(f,e){var d=e();for(var b=0;b0;for(var d=0;dd}},getCheckboxesFunction:function(b){return function(){var c=[];for(var e=0;e




*Laurent Duparchy
ESRF - The European Synchrotron
MIS Unit
04 76 88 22 56*
Sven Meier wrote on 03/11/2022 09:38:

That HTML doesn't look valid to me:

Your THs belong inside a TR, and while you're at it move that one into a THEAD.

https://www.w3schools.com/tags/tag_th.asp

Maybe this is just a problem with replacing the HTML in the browser, this is 
why I adviced you to check the response of the Ajax request in the Browser 
network tab.

Sven


On 03.11.22 08:11, Laurent Duparchy wrote:

You need more than that ?



   
   

   
 
 
 
 
 
 
  
...
  




*Laurent Duparchy
ESRF - The European Synchrotron
MIS Unit
04 76 88 22 56*
Sven Meier wrote on 02/11/2022 17:38:

Show us the relevant markup please.

Sven


On 02.11.22 15:13, Laurent Duparchy wrote:

Hi,

Yes, *devicesGroup *is initially visible. Everything seems fine in terms of 
Ajax request/response.

When I add only the *feedbackpanel*, it is correctly added and painted with the 
correct feedback message
When I add *devicesGroup*, nothing is repainted, including the *feedbackpanel*.

I tried to add only the *userDevicesListView *for repaint, but there is an 
error saying that it's not possible to add a repeater and to add its parent... 
which is devicesGroup.

There's probably a flaw in the devicesGroup design. Basically it contains a list of items w/ two 
possible ajax action : "check" and "delete".

"Check" will only gives a result in the feedback panel and is working fine.
"Delete" will, you guessed, delete the item and repaint the list. The item is 
truly deleted, in the database and /userDevices /list is reloaded.


it is designed as follow (worked fined w/ Wicket 1.4)
/
private class UserDevicesLoadableDetachableModel extends 
LoadableDetachableModel {

    private List userDevices ;
...
}

private class UserDevicesListView extends ListView {

    public UserDevicesListView(String id, 
UserDevicesLoadableDetachableModel imodel) {
        super(id, imodel);
    }
...
}
/

/userDevicesListView = new UserDevicesListView("userDevicesListView", 
userDevicesLoadableDetachableModel);//
/
/devicesGroup = new CheckGroup("devicesGroup", new ArrayList<>()){//
//    public boolean isVisible() {...}//
//} /
/devicesGroup.setOutputMarkupId(true);//
//devicesGroup.setOutputMarkupPlaceholderTag(true);//
//devicesGroup.setRenderBodyOnly(false);//
//devicesGroup.add(new CheckGroupSelector("devicesGroupSelector"));//
//devicesGroup.add(userDevicesListView);//
//

//
/
*Laurent Duparchy
ESRF - The European Synchrotron
MIS Unit
04 76 88 22 56*
Ernesto Reinaldo Barreiro wrote on 29/10/2022 04:06:

Hi,

is devicesGroup initially visible? if not you need to
setOutputMarkupplaceHolder(true) in it. Because otherwise wicket will not
output anything for it and AJAX replacement will fail at client side.

On Fri, Oct 28, 2022 at 4:27 PM Martin Grigorov
wrote:


Hi Laurent,

Few questions:
1) is the Ajax call actually executed ?
Set a breakpoint inside #onClick() and see whether it breaks
2) Is there any error (Java or JavaScript) ?
Check both the server logs and the browser console


On Fri, Oct 28, 2022 at 10:45 AM Laurent Duparchy
wrote:


Hi,

Sorry for the basic question If this is the wrong place to ask,

please

tell me.
If there is a relevant documentation to read, tell me as well.

I'm upgrading a very old & small app from Wicket 1.4 to Wicket 9.

Following an Aj