[jira] [Commented] (WICKET-6703) Eliminate window.eval from wicket-ajax-jquery

2019-09-27 Thread Emond Papegaaij (Jira)
[ https://issues.apache.org/jira/browse/WICKET-6703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16939767#comment-16939767 ] Emond Papegaaij commented on WICKET-6703: Yes, but that would really limit the attacker to

[jira] [Commented] (WICKET-6704) JavaSerializer.serialize causes the JVM crash !

2019-09-27 Thread Sven Meier (Jira)
[ https://issues.apache.org/jira/browse/WICKET-6704?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16939733#comment-16939733 ] Sven Meier commented on WICKET-6704: You've written it in your code comments already: This is weird!

[jira] [Commented] (WICKET-6703) Eliminate window.eval from wicket-ajax-jquery

2019-09-27 Thread Sven Meier (Jira)
[ https://issues.apache.org/jira/browse/WICKET-6703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16939636#comment-16939636 ] Sven Meier commented on WICKET-6703: Thanks [~papegaaij] , but in case of Wicket I don't see a

buildbot success in on wicket-master

2019-09-27 Thread buildbot
The Buildbot has detected a restored build on builder wicket-master while building wicket. Full details are available at: https://ci.apache.org/builders/wicket-master/builds/1173 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb_slave1_ubuntu Build Reason: The

[jira] [Resolved] (WICKET-6682) Improve JavaScriptContentHeaderItem and JavaScriptUtils to support nonce

2019-09-27 Thread Sven Meier (Jira)
[ https://issues.apache.org/jira/browse/WICKET-6682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sven Meier resolved WICKET-6682. Fix Version/s: (was: 9.0.0-M3) 9.0.0-M4 Resolution: Fixed CSP

buildbot success in on wicket-master-java13

2019-09-27 Thread buildbot
The Buildbot has detected a restored build on builder wicket-master-java13 while building wicket. Full details are available at: https://ci.apache.org/builders/wicket-master-java13/builds/128 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb_slave1_ubuntu Build Reason: The

buildbot success in on wicket-master-java14

2019-09-27 Thread buildbot
The Buildbot has detected a restored build on builder wicket-master-java14 while building wicket. Full details are available at: https://ci.apache.org/builders/wicket-master-java14/builds/37 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb_slave1_ubuntu Build Reason: The

buildbot success in on wicket-master-java12

2019-09-27 Thread buildbot
The Buildbot has detected a restored build on builder wicket-master-java12 while building wicket. Full details are available at: https://ci.apache.org/builders/wicket-master-java12/builds/132 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb_slave1_ubuntu Build Reason: The

[jira] [Commented] (WICKET-6682) Improve JavaScriptContentHeaderItem and JavaScriptUtils to support nonce

2019-09-27 Thread ASF subversion and git services (Jira)
[ https://issues.apache.org/jira/browse/WICKET-6682?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16939575#comment-16939575 ] ASF subversion and git services commented on WICKET-6682: Commit

[wicket] branch master updated: WICKET-6682 added license headers

2019-09-27 Thread svenmeier
This is an automated email from the ASF dual-hosted git repository. svenmeier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/wicket.git The following commit(s) were added to refs/heads/master by this push: new 3106380 WICKET-6682 added license headers

buildbot failure in on wicket-master

2019-09-27 Thread buildbot
The Buildbot has detected a new failure on builder wicket-master while building wicket. Full details are available at: https://ci.apache.org/builders/wicket-master/builds/1172 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb_slave1_ubuntu Build Reason: The

buildbot failure in on wicket-master-java14

2019-09-27 Thread buildbot
The Buildbot has detected a new failure on builder wicket-master-java14 while building wicket. Full details are available at: https://ci.apache.org/builders/wicket-master-java14/builds/36 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb_slave1_ubuntu Build Reason: The

buildbot failure in on wicket-master-java12

2019-09-27 Thread buildbot
The Buildbot has detected a new failure on builder wicket-master-java12 while building wicket. Full details are available at: https://ci.apache.org/builders/wicket-master-java12/builds/131 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb_slave1_ubuntu Build Reason: The

[jira] [Commented] (WICKET-6682) Improve JavaScriptContentHeaderItem and JavaScriptUtils to support nonce

2019-09-27 Thread ASF subversion and git services (Jira)
[ https://issues.apache.org/jira/browse/WICKET-6682?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16939412#comment-16939412 ] ASF subversion and git services commented on WICKET-6682: Commit

[jira] [Commented] (WICKET-6682) Improve JavaScriptContentHeaderItem and JavaScriptUtils to support nonce

2019-09-27 Thread ASF subversion and git services (Jira)
[ https://issues.apache.org/jira/browse/WICKET-6682?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16939413#comment-16939413 ] ASF subversion and git services commented on WICKET-6682: Commit

[wicket] branch master updated (0a1c335 -> 5d99df3)

2019-09-27 Thread svenmeier
This is an automated email from the ASF dual-hosted git repository. svenmeier pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/wicket.git. from 0a1c335 WICKET-6701 configurable content disposition new a1a53a9 WICKET-6682 CSP must use 'strict-dynamic'

[wicket] 02/02: WICKET-6682 remove meta based on 'http-equiv' too

2019-09-27 Thread svenmeier
This is an automated email from the ASF dual-hosted git repository. svenmeier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/wicket.git commit 5d99df322d62e3ea8a443d2f90dfac03a708dbb5 Author: Sven Meier AuthorDate: Fri Sep 27 14:38:19 2019 +0200

[wicket] 01/02: WICKET-6682 CSP must use 'strict-dynamic'

2019-09-27 Thread svenmeier
This is an automated email from the ASF dual-hosted git repository. svenmeier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/wicket.git commit a1a53a9d8da0e06520ff68d58b3f4dd64d329a9f Author: Sven Meier AuthorDate: Fri Sep 27 12:40:55 2019 +0200

[jira] [Reopened] (WICKET-6682) Improve JavaScriptContentHeaderItem and JavaScriptUtils to support nonce

2019-09-27 Thread Sven Meier (Jira)
[ https://issues.apache.org/jira/browse/WICKET-6682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sven Meier reopened WICKET-6682: This doesn't work for JS/Css resources added via Ajax yet. We'll have to add 'strict-dynamic' to the

[jira] [Commented] (WICKET-6703) Eliminate window.eval from wicket-ajax-jquery

2019-09-27 Thread Emond Papegaaij (Jira)
[ https://issues.apache.org/jira/browse/WICKET-6703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16939351#comment-16939351 ] Emond Papegaaij commented on WICKET-6703: Yes, this is more secure. Remember that this is about

[jira] [Created] (WICKET-6704) JavaSerializer.serialize causes the JVM crash !

2019-09-27 Thread Joe K (Jira)
Joe K created WICKET-6704: Summary: JavaSerializer.serialize causes the JVM crash ! Key: WICKET-6704 URL: https://issues.apache.org/jira/browse/WICKET-6704 Project: Wicket Issue Type: Bug

[jira] [Assigned] (WICKET-6703) Eliminate window.eval from wicket-ajax-jquery

2019-09-27 Thread Sven Meier (Jira)
[ https://issues.apache.org/jira/browse/WICKET-6703?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sven Meier reassigned WICKET-6703: Assignee: Sven Meier > Eliminate window.eval from wicket-ajax-jquery >

[jira] [Commented] (WICKET-6703) Eliminate window.eval from wicket-ajax-jquery

2019-09-27 Thread Sven Meier (Jira)
[ https://issues.apache.org/jira/browse/WICKET-6703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16939162#comment-16939162 ] Sven Meier commented on WICKET-6703: [~Kondratev] Good to have this as a separate issue now. Some

[jira] [Updated] (WICKET-6688) Add alternative RPC response to substitute the append java script in ajax response

2019-09-27 Thread Sven Meier (Jira)
[ https://issues.apache.org/jira/browse/WICKET-6688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sven Meier updated WICKET-6688: Description: Some kind of RPC could be added to -eliminate 'unsafe-eval' in CSP headers- for