[ https://issues.apache.org/jira/browse/TAP5-1592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13072032#comment-13072032 ]
Markus Jung commented on TAP5-1592:
-----------------------------------
Regarding subclassing - of course it would be possible to provide "secured" subclasses for
all components, but my current solution already works fine for all Tapestry base components.
I have two modes for CSRF protection: the auto protection, using an event request handler and a
decorator for the component event link encoder, and an explicit mode using mixins. The AjaxFormLoop
component can already be secured with the auto mode but not with the explicit mode. I just
want to make the solution complete.
It would be great to see my module becoming integrated directly in the Tapestry project; therefore
I want to provide as good an integration as possible.
> Refactor AjaxFormLoop, RemoveRowLink and AddRowLink to make mixin useful for these components
> ---------------------------------------------------------------------------------------------
>
> Key: TAP5-1592
> URL: https://issues.apache.org/jira/browse/TAP5-1592
> Project: Tapestry 5
> Issue Type: Improvement
> Components: tapestry-core
> Affects Versions: 5.3
> Reporter: Markus Jung
> Priority: Trivial
> Labels: javascript
> Attachments: ajaxFormLoopForMixin.diff, jssupport.diff
>
>
> The AjaxFormLoop component stores the links in the initializer call map. In order to
> modify them in a mixin in the afterRender phase, a public getter for the JavaScriptSupport
> interface and the JavaScriptSupportImpl class is required.
> I need this feature for the cross-site request forgery protection, where I use a mixin
> to add a token to the rendered event links.