[ https://issues.apache.org/jira/browse/WICKET-6703?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrea Del Bene closed WICKET-6703. ----------------------------------- Resolution: Fixed > Eliminate window.eval from wicket-ajax-jquery > --------------------------------------------- > > Key: WICKET-6703 > URL: https://issues.apache.org/jira/browse/WICKET-6703 > Project: Wicket > Issue Type: Improvement > Components: wicket-core > Affects Versions: 8.6.1 > Reporter: Andrew Kondratev > Assignee: Sven Meier > Priority: Major > Fix For: 9.0.0-M4 > > > It's impossible to configure wicket with strict CSP Policy without > unsafe-eval and keep using AJAX, because most of AJAX responses contain > evaluations and header contributions which cause window.eval to be called. > Window eval can be replaced with DOMEval with nonce approach. DOM eval is > available in jQuery as globalEval. -- This message was sent by Atlassian Jira (v8.3.4#803005)