Hi, On Sun, Jan 3, 2016 at 6:33 PM, Илья Нарыжный <phan...@ydn.ru> wrote:
> Sorry, Andrea, I meant "observed" according to my experiments. I have > already redo my implementation, but class and this article are pretty > dangerous: it might be easily understanded in wrong way and even on > dev env it might work "as expected", but "side-effects" might be > catched only on production. I recommend to add more JavaDocs and > comments. > Please create a ticket with patch/PR with the suggested improvements! > > Thanks, > > Ilya > --------------------------------------------- > Orienteer(http://orienteer.org) - Modern Data Warehouse for your business. > > 2015-12-31 6:12 GMT-08:00 Andrea Del Bene <an.delb...@gmail.com>: > > Hi, > > > > the wiki entry you have found is pretty old (StyleSheetReference is no > more > > part of the API). Where did you read the note you reported in the mail? > > BTW: I don't think it's a security issue. It just says that variable > > interpolation is done the first time the resource is requested, so you > > should avoid to put sensitive user informations into your dynamic CSS/JS. > > > > Andrea. > >> > >> Guys, > >> > >> Please advise on the following "feature". > >> There is the following cool ability in wicket: > >> > >> > https://cwiki.apache.org/confluence/display/WICKET/Dynamically+Generate+a+CSS+Stylesheet > >> > >> Pretty much the same approach can be used for JavaScript. > >> > >> But it's noted: if try to retrieve URL for dynamically generated CSS > >> or JS after initial load of it by "legal" use - you will receive file > >> with substituted parameters for first user. > >> > >> Is it security issue or just incorrect usage of this feature? > >> > >> Thanks, > >> > >> Ilya > >> > >> --------------------------------------------- > >> Orienteer(http://orienteer.org) - Modern Data Warehouse for your > business. > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > >> For additional commands, e-mail: users-h...@wicket.apache.org > >> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > > For additional commands, e-mail: users-h...@wicket.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >
