Hi, By default Wicket (6.x) uses IResourceCachingStrategy which generates resource urls like this one: http://host/myapp/wicket/resource/com.mycompany.BootstrapBehavior/js/timepicker/bootstrap-timepicker-ver-1E0DAFB24FE33C93370DE13BF6FFE77F.js
But as a user I can generate almost any version number in this url and it will be handled correctly by Wicket. For example these urls still work ok: http://host/myapp/wicket/resource/com.mycompany.BootstrapBehavior/js/timepicker/bootstrap-timepicker-ver-123.js http://host/myapp/wicket/resource/com.mycompany.BootstrapBehavior/js/timepicker/bootstrap-timepicker-ver--alert('1');return false;.js Is it a desired behavior or maybe Wicket should reject such "incorrect" versions? Could it be some security issue? -- Best regards, Daniel --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
