Re: Generate markup for hidden framework form field?

2009-06-13 Thread Uwe Schäfer

janneru wrote:

> i also just found a similar one by uwe schaefer:
> http://www.codesmell.org/blog/2008/12/wicket-secureform/
> cheers uwe.


note that it is just a copy of what mighty igor posted here :)
i'm using it in production a lot. thx again, igor.

cu uwe



-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org



Re: Generate markup for hidden framework form field?

2009-05-29 Thread janneru
thx jörn for sharing ur solution!
i also just found a similar one by uwe schaefer:
http://www.codesmell.org/blog/2008/12/wicket-secureform/

cheers uwe.

On Tue, May 26, 2009 at 2:43 PM, Jörn Zaefferer
 wrote:
> Thanks guys! The end result looks like this, works fine, and removed a
> lot of html boilerplate from our templates:
>
> public SecureForm(String id, IModel model) {
>     super(id, model);
>     setMarkupId(id);
>     add(new IFormValidator() {
>         @Override
>         public void validate(Form form) {
>             String submitted = getRequest().getParameter("csrf-protection");
>             if (Application.get().getConfigurationType().equals(Application.DEPLOYMENT)
>                     && !csrfProtection().equals(submitted)) {
>                 log.warn("potential csrf attack, submitted value: " + submitted +
>                         ", expected: " + csrfProtection());
>                 form.error("wrong csrf protection cookie");
>             }
>         }
>
>         @Override
>         public FormComponent[] getDependentFormComponents() {
>             return null;
>         }
>     });
> }
>
> @Override
> protected void onComponentTagBody(MarkupStream markupStream,
>         ComponentTag openTag) {
>     getResponse().write(new AppendingStringBuffer("<input type=\"hidden\" name=\"csrf-protection\" value=\"")
>             .append(csrfProtection()).append("\" />"));
>     super.onComponentTagBody(markupStream, openTag);
> }
>
> Jörn
>
> On Tue, May 26, 2009 at 2:23 PM, Jörn Zaefferer
>  wrote:
>> The current component (the HiddenField) checks that the same value
>> that it started with, is submitted. I'll try to replace that using a
>> form validator that reads the parameter directly.
>>
>> Thanks
>> Jörn
>>
>> On Tue, May 26, 2009 at 1:32 PM, Maarten Bosteels
>>  wrote:
>>> When you write it out with oncomponenttagbody it's not  part of the
>>> component hierarchy, it's just rendered markup.
>>> Once the form is submitted, you can retrieve the value using the servlet
>>> API.
>>> What behavior would you want to add on top ?
>>>
>>> Maarten
>>>
>>>
>>> On Tue, May 26, 2009 at 12:17 PM, Jörn Zaefferer <
>>> joern.zaeffe...@googlemail.com> wrote:
>>>
>>>> How is that going to fix the problem? I'd end up with markup, but no
>>>> behaviour on top of it.
>>>>
>>>> Jörn
>>>>
>>>> On Mon, May 25, 2009 at 5:52 PM, Igor Vaynberg
>>>> wrote:
>>>> > right, so remove that code since you have replaced that component with
>>>> > pure markup.
>>>> >
>>>> > -igor
>>>> >
>>>> > On Mon, May 25, 2009 at 8:48 AM, Jörn Zaefferer
>>>> >  wrote:
>>>> >> That was the idea. But Wicket still can't find the component markup
>>>> >> when looking for it. The form adds this elsewhere:
>>>> >>
>>>> >> add(new HiddenField("csrf-protection", new
>>>> >> Model(csrfProtection())).setRequired(true).add(new
>>>> >> IValidator() {
>>>> >>        public void validate(IValidatable validatable) {
>>>> >>                log.warn("potential csrf attack, submitted value: " +
>>>> >> validatable.getValue() + ", expected: " + csrfProtection());
>>>> >>                validatable.error(new ValidationError().setMessage("wrong csrf
>>>> >> protection cookie"));
>>>> >>        }
>>>> >> }));
>>>> >>
>>>> >> Jörn
>>>> >>
>>>> >> On Mon, May 25, 2009 at 5:44 PM, Igor Vaynberg wrote:
>>>> >>> if you write it out in oncomponenttagbody then you don't need it in the
>>>> >>> markup anymore.
>>>> >>>
>>>> >>> -igor
>>>> >>>
>>>> >>> On Mon, May 25, 2009 at 6:32 AM, Jörn Zaefferer
>>>> >>>  wrote:
>>>> >>>> Hi,
>>>> >>>>
>>>> >>>> my application uses a form subclass everywhere for CSRF protection.
>>>> >>>> Each form needs a hidden field like this: <input type="hidden"
>>>> >>>> wicket:id="csrf-protection" />
>>>> >>>> The wicket component for that is added by the form subclass
>>>> >>>> (SecureForm) which all other forms in the application extend.
>>>> >>>>
>>>> >>>> Currently each form has to include that markup somewhere, producing a
>>>> >>>> lot of duplication.
>>>> >>>>
>>>> >>>> I'm looking for a way to get rid of that duplication. An approach I'm
>>>> >>>> currently investigating is to generate the markup, similar to how Form
>>>> >>>> generates a hidden input in its onComponentTagBody:
>>>> >>>>
>>>> >>>> @Override
>>>> >>>> protected void onComponentTagBody(MarkupStream markupStream,
>>>> >>>> ComponentTag openTag) {
>>>> >>>>        String nameAndId = get("csrf-protection").getId();
>>>> >>>>        AppendingStringBuffer buffer = new AppendingStringBuffer(
>>>> >>>>        ">>> />");
>>>> >>>>        getResponse().write(buffer);
>>>> >>>>        super.onComponentTagBody(markupStream, openTag);
>>>> >>>> }
>>>> >>>>
>>>> >>>> That doesn't work, Wicket throws an exception of a missing reference
>>>> >>>> in markup anyway. Likely because this just writes to the response, not
>>>> >>>> extending the markup.
>>>> >>>> I also don't see any way to achieve this via MarkupS

Re: Generate markup for hidden framework form field?

2009-05-26 Thread Jörn Zaefferer
Thanks guys! The end result looks like this, works fine, and removed a
lot of html boilerplate from our templates:

public SecureForm(String id, IModel model) {
    super(id, model);
    setMarkupId(id);
    add(new IFormValidator() {
        @Override
        public void validate(Form form) {
            String submitted = getRequest().getParameter("csrf-protection");
            if (Application.get().getConfigurationType().equals(Application.DEPLOYMENT)
                    && !csrfProtection().equals(submitted)) {
                log.warn("potential csrf attack, submitted value: " + submitted +
                        ", expected: " + csrfProtection());
                form.error("wrong csrf protection cookie");
            }
        }

        @Override
        public FormComponent[] getDependentFormComponents() {
            return null;
        }
    });
}

@Override
protected void onComponentTagBody(MarkupStream markupStream,
        ComponentTag openTag) {
    getResponse().write(new AppendingStringBuffer("<input type=\"hidden\" name=\"csrf-protection\" value=\"")
            .append(csrfProtection()).append("\" />"));
    super.onComponentTagBody(markupStream, openTag);
}

Jörn

On Tue, May 26, 2009 at 2:23 PM, Jörn Zaefferer
 wrote:
> The current component (the HiddenField) checks that the same value
> that it started with, is submitted. I'll try to replace that using a
> form validator that reads the parameter directly.
>
> Thanks
> Jörn
>
> On Tue, May 26, 2009 at 1:32 PM, Maarten Bosteels
>  wrote:
>> When you write it out with oncomponenttagbody it's not  part of the
>> component hierarchy, it's just rendered markup.
>> Once the form is submitted, you can retrieve the value using the servlet
>> API.
>> What behavior would you want to add on top ?
>>
>> Maarten
>>
>>
>> On Tue, May 26, 2009 at 12:17 PM, Jörn Zaefferer <
>> joern.zaeffe...@googlemail.com> wrote:
>>
>>> How is that going to fix the problem? I'd end up with markup, but no
>>> behaviour on top of it.
>>>
>>> Jörn
>>>
>>> On Mon, May 25, 2009 at 5:52 PM, Igor Vaynberg 
>>> wrote:
>>> > right, so remove that code since you have replaced that component with
>>> > pure markup.
>>> >
>>> > -igor
>>> >
>>> > On Mon, May 25, 2009 at 8:48 AM, Jörn Zaefferer
>>> >  wrote:
>>> >> That was the idea. But Wicket still can't find the component markup
>>> >> when looking for it. The form adds this elsewhere:
>>> >>
>>> >> add(new HiddenField("csrf-protection", new
>>> >> Model(csrfProtection())).setRequired(true).add(new
>>> >> IValidator() {
>>> >>        public void validate(IValidatable validatable) {
>>> >>                log.warn("potential csrf attack, submitted value: " +
>>> >> validatable.getValue() + ", expected: " + csrfProtection());
>>> >>                validatable.error(new ValidationError().setMessage("wrong
>>> csrf
>>> >> protection cookie"));
>>> >>        }
>>> >> }));
>>> >>
>>> >> Jörn
>>> >>
>>> >> On Mon, May 25, 2009 at 5:44 PM, Igor Vaynberg 
>>> wrote:
>>> >>> if you write it out in oncomponenttagbody then you don't need it in the
>>> >>> markup anymore.
>>> >>>
>>> >>> -igor
>>> >>>
>>> >>> On Mon, May 25, 2009 at 6:32 AM, Jörn Zaefferer
>>> >>>  wrote:
>>> >>>> Hi,
>>> >>>>
>>> >>>> my application uses a form subclass everywhere for CSRF protection.
>>> >>>> Each form needs a hidden field like this: <input type="hidden"
>>> >>>> wicket:id="csrf-protection" />
>>> >>>> The wicket component for that is added by the form subclass
>>> >>>> (SecureForm) which all other forms in the application extend.
>>> >>>>
>>> >>>> Currently each form has to include that markup somewhere, producing a
>>> >>>> lot of duplication.
>>> >>>>
>>> >>>> I'm looking for a way to get rid of that duplication. An approach I'm
>>> >>>> currently investigating is to generate the markup, similar to how Form
>>> >>>> generates a hidden input in its onComponentTagBody:
>>> >>>>
>>> >>>> @Override
>>> >>>> protected void onComponentTagBody(MarkupStream markupStream,
>>> >>>> ComponentTag openTag) {
>>> >>>>        String nameAndId = get("csrf-protection").getId();
>>> >>>>        AppendingStringBuffer buffer = new AppendingStringBuffer(
>>> >>>>        ">> />");
>>> >>>>        getResponse().write(buffer);
>>> >>>>        super.onComponentTagBody(markupStream, openTag);
>>> >>>> }
>>> >>>>
>>> >>>> That doesn't work, Wicket throws an exception of a missing reference
>>> >>>> in markup anyway. Likely because this just writes to the response, not
>>> >>>> extending the markup.
>>> >>>> I also don't see any way to achieve this via MarkupStream or
>>> >>>> ComponentTag.
>>> >>>>
>>> >>>> Any ideas?
>>> >>>>
>>> >>>> Regards
>>> >>>> Jörn Zaefferer
>>> >>>>
>>> >>> T
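
The validator in the message above compares the submitted value with String.equals and writes the expected token to the log; as an added example (not code from this thread or from Wicket), here is the same hidden-field check in plain Java with a constant-time comparison, attribute escaping and a log line that never contains a token value. The field name comes from the thread; newToken() is an assumed stand-in for csrfProtection(), whose implementation the thread does not show.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class CsrfFieldCheck {
    // Parameter name taken from the thread; everything else here is illustrative.
    static final String FIELD = "csrf-protection";
    private static final SecureRandom RNG = new SecureRandom();

    /** Assumed stand-in for csrfProtection(): 256 random bits, URL-safe encoding. */
    static String newToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    /** Escape the characters that could break out of a quoted HTML attribute. */
    static String escapeAttr(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** The markup a form would write from onComponentTagBody. */
    static String hiddenField(String token) {
        return "<input type=\"hidden\" name=\"" + FIELD + "\" value=\""
                + escapeAttr(token) + "\" />";
    }

    /** Constant-time comparison; a missing parameter is always a failure. */
    static boolean matches(String expected, String submitted) {
        if (expected == null || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    /** Log text for a failed check: records what happened, never a token value. */
    static String rejectionLog(String submitted) {
        if (submitted == null) {
            return "csrf check failed: parameter " + FIELD + " missing";
        }
        return "csrf check failed: parameter " + FIELD
                + " mismatch, submitted length " + submitted.length();
    }

    public static void main(String[] args) {
        String expected = newToken();
        System.out.println(hiddenField(expected));
        // Constructed submissions: the genuine token, a forged value, no parameter at all.
        String[] submissions = { expected, "forged-value", null };
        for (String submitted : submissions) {
            if (matches(expected, submitted)) {
                System.out.println("accepted");
            } else {
                System.out.println(rejectionLog(submitted));
            }
        }
    }
}
```

Unlike the posted validator, this check is not tied to the DEPLOYMENT configuration type, so it also runs during development and testing.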

Re: Generate markup for hidden framework form field?

2009-05-26 Thread Jörn Zaefferer
The current component (the HiddenField) checks that the same value
that it started with, is submitted. I'll try to replace that using a
form validator that reads the parameter directly.

Thanks
Jörn

On Tue, May 26, 2009 at 1:32 PM, Maarten Bosteels
 wrote:
> When you write it out with oncomponenttagbody it's not  part of the
> component hierarchy, it's just rendered markup.
> Once the form is submitted, you can retrieve the value using the servlet
> API.
> What behavior would you want to add on top ?
>
> Maarten
>
>
> On Tue, May 26, 2009 at 12:17 PM, Jörn Zaefferer <
> joern.zaeffe...@googlemail.com> wrote:
>
>> How is that going to fix the problem? I'd end up with markup, but no
>> behaviour on top of it.
>>
>> Jörn
>>
>> On Mon, May 25, 2009 at 5:52 PM, Igor Vaynberg 
>> wrote:
>> > right, so remove that code since you have replaced that component with
>> > pure markup.
>> >
>> > -igor
>> >
>> > On Mon, May 25, 2009 at 8:48 AM, Jörn Zaefferer
>> >  wrote:
>> >> That was the idea. But Wicket still can't find the component markup
>> >> when looking for it. The form adds this elsewhere:
>> >>
>> >> add(new HiddenField("csrf-protection", new
>> >> Model(csrfProtection())).setRequired(true).add(new
>> >> IValidator() {
>> >>        public void validate(IValidatable validatable) {
>> >>                log.warn("potential csrf attack, submitted value: " +
>> >> validatable.getValue() + ", expected: " + csrfProtection());
>> >>                validatable.error(new ValidationError().setMessage("wrong
>> csrf
>> >> protection cookie"));
>> >>        }
>> >> }));
>> >>
>> >> Jörn
>> >>
>> >> On Mon, May 25, 2009 at 5:44 PM, Igor Vaynberg 
>> wrote:
>> >>> if you write it out in oncomponenttagbody then you don't need it in the
>> >>> markup anymore.
>> >>>
>> >>> -igor
>> >>>
>> >>> On Mon, May 25, 2009 at 6:32 AM, Jörn Zaefferer
>> >>>  wrote:
>> >>>> Hi,
>> >>>>
>> >>>> my application uses a form subclass everywhere for CSRF protection.
>> >>>> Each form needs a hidden field like this: <input type="hidden"
>> >>>> wicket:id="csrf-protection" />
>> >>>> The wicket component for that is added by the form subclass
>> >>>> (SecureForm) which all other forms in the application extend.
>> >>>>
>> >>>> Currently each form has to include that markup somewhere, producing a
>> >>>> lot of duplication.
>> >>>>
>> >>>> I'm looking for a way to get rid of that duplication. An approach I'm
>> >>>> currently investigating is to generate the markup, similar to how Form
>> >>>> generates a hidden input in its onComponentTagBody:
>> >>>>
>> >>>> @Override
>> >>>> protected void onComponentTagBody(MarkupStream markupStream,
>> >>>> ComponentTag openTag) {
>> >>>>        String nameAndId = get("csrf-protection").getId();
>> >>>>        AppendingStringBuffer buffer = new AppendingStringBuffer(
>> >>>>        "> />");
>> >>>>        getResponse().write(buffer);
>> >>>>        super.onComponentTagBody(markupStream, openTag);
>> >>>> }
>> >>>>
>> >>>> That doesn't work, Wicket throws an exception of a missing reference
>> >>>> in markup anyway. Likely because this just writes to the response, not
>> >>>> extending the markup.
>> >>>> I also don't see any way to achieve this via MarkupStream or
>> >>>> ComponentTag.
>> >>>>
>> >>>> Any ideas?
>> >>>>
>> >>>> Regards
>> >>>> Jörn Zaefferer
>> >>>>



Re: Generate markup for hidden framework form field?

2009-05-26 Thread Maarten Bosteels
When you write it out with oncomponenttagbody it's not part of the
component hierarchy, it's just rendered markup.
Once the form is submitted, you can retrieve the value using the servlet
API.
What behavior would you want to add on top ?

Maarten


On Tue, May 26, 2009 at 12:17 PM, Jörn Zaefferer <
joern.zaeffe...@googlemail.com> wrote:

> How is that going to fix the problem? I'd end up with markup, but no
> behaviour on top of it.
>
> Jörn
>
> On Mon, May 25, 2009 at 5:52 PM, Igor Vaynberg 
> wrote:
> > right, so remove that code since you have replaced that component with
> > pure markup.
> >
> > -igor
> >
> > On Mon, May 25, 2009 at 8:48 AM, Jörn Zaefferer
> >  wrote:
> >> That was the idea. But Wicket still can't find the component markup
> >> when looking for it. The form adds this elsewhere:
> >>
> >> add(new HiddenField("csrf-protection", new
> >> Model(csrfProtection())).setRequired(true).add(new
> >> IValidator() {
> >>        public void validate(IValidatable validatable) {
> >>                log.warn("potential csrf attack, submitted value: " +
> >> validatable.getValue() + ", expected: " + csrfProtection());
> >>                validatable.error(new ValidationError().setMessage("wrong csrf
> >> protection cookie"));
> >>        }
> >> }));
> >>
> >> Jörn
> >>
> >> On Mon, May 25, 2009 at 5:44 PM, Igor Vaynberg 
> wrote:
> >>> if you write it out in oncomponenttagbody then you don't need it in the
> >>> markup anymore.
> >>>
> >>> -igor
> >>>
> >>> On Mon, May 25, 2009 at 6:32 AM, Jörn Zaefferer
> >>>  wrote:
> >>>> Hi,
> >>>>
> >>>> my application uses a form subclass everywhere for CSRF protection.
> >>>> Each form needs a hidden field like this: <input type="hidden"
> >>>> wicket:id="csrf-protection" />
> >>>> The wicket component for that is added by the form subclass
> >>>> (SecureForm) which all other forms in the application extend.
> >>>>
> >>>> Currently each form has to include that markup somewhere, producing a
> >>>> lot of duplication.
> >>>>
> >>>> I'm looking for a way to get rid of that duplication. An approach I'm
> >>>> currently investigating is to generate the markup, similar to how Form
> >>>> generates a hidden input in its onComponentTagBody:
> >>>>
> >>>> @Override
> >>>> protected void onComponentTagBody(MarkupStream markupStream,
> >>>> ComponentTag openTag) {
> >>>>        String nameAndId = get("csrf-protection").getId();
> >>>>        AppendingStringBuffer buffer = new AppendingStringBuffer(
> >>>>        " />");
> >>>>        getResponse().write(buffer);
> >>>>        super.onComponentTagBody(markupStream, openTag);
> >>>> }
> >>>>
> >>>> That doesn't work, Wicket throws an exception of a missing reference
> >>>> in markup anyway. Likely because this just writes to the response, not
> >>>> extending the markup.
> >>>> I also don't see any way to achieve this via MarkupStream or
> >>>> ComponentTag.
> >>>>
> >>>> Any ideas?
> >>>>
> >>>> Regards
> >>>> Jörn Zaefferer
> >>>>


Re: Generate markup for hidden framework form field?

2009-05-26 Thread Jörn Zaefferer
How is that going to fix the problem? I'd end up with markup, but no
behaviour on top of it.

Jörn

On Mon, May 25, 2009 at 5:52 PM, Igor Vaynberg  wrote:
> right, so remove that code since you have replaced that component with
> pure markup.
>
> -igor
>
> On Mon, May 25, 2009 at 8:48 AM, Jörn Zaefferer
>  wrote:
>> That was the idea. But Wicket still can't find the component markup
>> when looking for it. The form adds this elsewhere:
>>
>> add(new HiddenField("csrf-protection", new
>> Model(csrfProtection())).setRequired(true).add(new
>> IValidator() {
>>        public void validate(IValidatable validatable) {
>>                log.warn("potential csrf attack, submitted value: " +
>> validatable.getValue() + ", expected: " + csrfProtection());
>>                validatable.error(new ValidationError().setMessage("wrong csrf
>> protection cookie"));
>>        }
>> }));
>>
>> Jörn
>>
>> On Mon, May 25, 2009 at 5:44 PM, Igor Vaynberg  
>> wrote:
>>> if you write it out in oncomponenttagbody then you don't need it in the
>>> markup anymore.
>>>
>>> -igor
>>>
>>> On Mon, May 25, 2009 at 6:32 AM, Jörn Zaefferer
>>>  wrote:
>>>> Hi,
>>>>
>>>> my application uses a form subclass everywhere for CSRF protection.
>>>> Each form needs a hidden field like this: <input type="hidden"
>>>> wicket:id="csrf-protection" />
>>>> The wicket component for that is added by the form subclass
>>>> (SecureForm) which all other forms in the application extend.
>>>>
>>>> Currently each form has to include that markup somewhere, producing a
>>>> lot of duplication.
>>>>
>>>> I'm looking for a way to get rid of that duplication. An approach I'm
>>>> currently investigating is to generate the markup, similar to how Form
>>>> generates a hidden input in its onComponentTagBody:
>>>>
>>>> @Override
>>>> protected void onComponentTagBody(MarkupStream markupStream,
>>>> ComponentTag openTag) {
>>>>        String nameAndId = get("csrf-protection").getId();
>>>>        AppendingStringBuffer buffer = new AppendingStringBuffer(
>>>>        "");
>>>>        getResponse().write(buffer);
>>>>        super.onComponentTagBody(markupStream, openTag);
>>>> }
>>>>
>>>> That doesn't work, Wicket throws an exception of a missing reference
>>>> in markup anyway. Likely because this just writes to the response, not
>>>> extending the markup.
>>>> I also don't see any way to achieve this via MarkupStream or ComponentTag.
>>>>
>>>> Any ideas?
>>>>
>>>> Regards
>>>> Jörn Zaefferer
>>>>



Re: Generate markup for hidden framework form field?

2009-05-25 Thread Igor Vaynberg
right, so remove that code since you have replaced that component with
pure markup.

-igor

On Mon, May 25, 2009 at 8:48 AM, Jörn Zaefferer
 wrote:
> That was the idea. But Wicket still can't find the component markup
> when looking for it. The form adds this elsewhere:
>
> add(new HiddenField("csrf-protection", new
> Model(csrfProtection())).setRequired(true).add(new
> IValidator() {
>        public void validate(IValidatable validatable) {
>                log.warn("potential csrf attack, submitted value: " +
> validatable.getValue() + ", expected: " + csrfProtection());
>                validatable.error(new ValidationError().setMessage("wrong csrf
> protection cookie"));
>        }
> }));
>
> Jörn
>
> On Mon, May 25, 2009 at 5:44 PM, Igor Vaynberg  
> wrote:
>> if you write it out in oncomponenttagbody then you don't need it in the
>> markup anymore.
>>
>> -igor
>>
>> On Mon, May 25, 2009 at 6:32 AM, Jörn Zaefferer
>>  wrote:
>>> Hi,
>>>
>>> my application uses a form subclass everywhere for CSRF protection.
>>> Each form needs a hidden field like this: <input type="hidden"
>>> wicket:id="csrf-protection" />
>>> The wicket component for that is added by the form subclass
>>> (SecureForm) which all other forms in the application extend.
>>>
>>> Currently each form has to include that markup somewhere, producing a
>>> lot of duplication.
>>>
>>> I'm looking for a way to get rid of that duplication. An approach I'm
>>> currently investigating is to generate the markup, similar to how Form
>>> generates a hidden input in its onComponentTagBody:
>>>
>>> @Override
>>> protected void onComponentTagBody(MarkupStream markupStream,
>>> ComponentTag openTag) {
>>>        String nameAndId = get("csrf-protection").getId();
>>>        AppendingStringBuffer buffer = new AppendingStringBuffer(
>>>        "");
>>>        getResponse().write(buffer);
>>>        super.onComponentTagBody(markupStream, openTag);
>>> }
>>>
>>> That doesn't work, Wicket throws an exception of a missing reference
>>> in markup anyway. Likely because this just writes to the response, not
>>> extending the markup.
>>> I also don't see any way to achieve this via MarkupStream or ComponentTag.
>>>
>>> Any ideas?
>>>
>>> Regards
>>> Jörn Zaefferer
>>>



Re: Generate markup for hidden framework form field?

2009-05-25 Thread Jörn Zaefferer
That was the idea. But Wicket still can't find the component markup
when looking for it. The form adds this elsewhere:

add(new HiddenField("csrf-protection", new Model(csrfProtection()))
        .setRequired(true)
        .add(new IValidator() {
            public void validate(IValidatable validatable) {
                log.warn("potential csrf attack, submitted value: "
                        + validatable.getValue() + ", expected: " + csrfProtection());
                validatable.error(new ValidationError().setMessage("wrong csrf protection cookie"));
            }
        }));

Jörn

On Mon, May 25, 2009 at 5:44 PM, Igor Vaynberg  wrote:
> if you write it out in oncomponenttagbody then you don't need it in the
> markup anymore.
>
> -igor
>
> On Mon, May 25, 2009 at 6:32 AM, Jörn Zaefferer
>  wrote:
>> Hi,
>>
>> my application uses a form subclass everywhere for CSRF protection.
>> Each form needs a hidden field like this: <input type="hidden"
>> wicket:id="csrf-protection" />
>> The wicket component for that is added by the form subclass
>> (SecureForm) which all other forms in the application extend.
>>
>> Currently each form has to include that markup somewhere, producing a
>> lot of duplication.
>>
>> I'm looking for a way to get rid of that duplication. An approach I'm
>> currently investigating is to generate the markup, similar to how Form
>> generates a hidden input in its onComponentTagBody:
>>
>> @Override
>> protected void onComponentTagBody(MarkupStream markupStream,
>> ComponentTag openTag) {
>>        String nameAndId = get("csrf-protection").getId();
>>        AppendingStringBuffer buffer = new AppendingStringBuffer(
>>        "");
>>        getResponse().write(buffer);
>>        super.onComponentTagBody(markupStream, openTag);
>> }
>>
>> That doesn't work, Wicket throws an exception of a missing reference
>> in markup anyway. Likely because this just writes to the response, not
>> extending the markup.
>> I also don't see any way to achieve this via MarkupStream or ComponentTag.
>>
>> Any ideas?
>>
>> Regards
>> Jörn Zaefferer
>>



Re: Generate markup for hidden framework form field?

2009-05-25 Thread Igor Vaynberg
if you write it out in oncomponenttagbody then you don't need it in the
markup anymore.

-igor

On Mon, May 25, 2009 at 6:32 AM, Jörn Zaefferer
 wrote:
> Hi,
>
> my application uses a form subclass everywhere for CSRF protection.
> Each form needs a hidden field like this: <input type="hidden"
> wicket:id="csrf-protection" />
> The wicket component for that is added by the form subclass
> (SecureForm) which all other forms in the application extend.
>
> Currently each form has to include that markup somewhere, producing a
> lot of duplication.
>
> I'm looking for a way to get rid of that duplication. An approach I'm
> currently investigating is to generate the markup, similar to how Form
> generates a hidden input in its onComponentTagBody:
>
> @Override
> protected void onComponentTagBody(MarkupStream markupStream,
> ComponentTag openTag) {
>        String nameAndId = get("csrf-protection").getId();
>        AppendingStringBuffer buffer = new AppendingStringBuffer(
>        "");
>        getResponse().write(buffer);
>        super.onComponentTagBody(markupStream, openTag);
> }
>
> That doesn't work, Wicket throws an exception of a missing reference
> in markup anyway. Likely because this just writes to the response, not
> extending the markup.
> I also don't see any way to achieve this via MarkupStream or ComponentTag.
>
> Any ideas?
>
> Regards
> Jörn Zaefferer
>



Generate markup for hidden framework form field?

2009-05-25 Thread Jörn Zaefferer
Hi,

my application uses a form subclass everywhere for CSRF protection.
Each form needs a hidden field like this: <input type="hidden" wicket:id="csrf-protection" />
The wicket component for that is added by the form subclass
(SecureForm) which all other forms in the application extend.

Currently each form has to include that markup somewhere, producing a
lot of duplication.

I'm looking for a way to get rid of that duplication. An approach I'm
currently investigating is to generate the markup, similar to how Form
generates a hidden input in its onComponentTagBody:

@Override
protected void onComponentTagBody(MarkupStream markupStream,
        ComponentTag openTag) {
    String nameAndId = get("csrf-protection").getId();
    AppendingStringBuffer buffer = new AppendingStringBuffer(
            "");
    getResponse().write(buffer);
    super.onComponentTagBody(markupStream, openTag);
}

That doesn't work, Wicket throws an exception of a missing reference
in markup anyway. Likely because this just writes to the response, not
extending the markup.
I also don't see any way to achieve this via MarkupStream or ComponentTag.

Any ideas?

Regards
Jörn Zaefferer
