Thanks for fast answer :) -- Daniel
On Tue, May 31, 2016 at 4:54 PM, Martin Grigorov <mgrigo...@apache.org> wrote: > Hi, > > The version is intended to be used by the browser for client side caching, > not by Wicket. That's why it is just stripped off by Wicket without any > validation. > Actually if Wicket rejects it then you won't be able to update your > resources in new application versions. > > Martin Grigorov > Wicket Training and Consulting > https://twitter.com/mtgrigorov > > On Tue, May 31, 2016 at 4:51 PM, Daniel Stoch <daniel.st...@gmail.com> > wrote: > >> Hi, >> >> By default Wicket (6.x) uses IResourceCachingStrategy which generates >> resource urls like this one: >> >> http://host/myapp/wicket/resource/com.mycompany.BootstrapBehavior/js/timepicker/bootstrap-timepicker-ver-1E0DAFB24FE33C93370DE13BF6FFE77F.js >> >> But as a user I can generate almost any version number in this url and >> it will be handled correctly by Wicket. For example these urls still >> work ok: >> >> http://host/myapp/wicket/resource/com.mycompany.BootstrapBehavior/js/timepicker/bootstrap-timepicker-ver-123.js >> >> http://host/myapp/wicket/resource/com.mycompany.BootstrapBehavior/js/timepicker/bootstrap-timepicker-ver--alert('1');return >> false;.js >> >> Is it a desired behavior or maybe Wicket should reject such >> "incorrect" versions? Could it be some security issue? >> >> -- >> Best regards, >> Daniel >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org