From users-return-95348-archive-asf-public=cust-asf.ponee.io@wicket.apache.org Thu Apr 9 08:06:13 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id BF284180634 for ; Thu, 9 Apr 2020 10:06:12 +0200 (CEST) Received: (qmail 37050 invoked by uid 500); 9 Apr 2020 08:06:12 -0000 Mailing-List: contact users-help@wicket.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@wicket.apache.org Delivered-To: mailing list users@wicket.apache.org Received: (qmail 37038 invoked by uid 99); 9 Apr 2020 08:06:11 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Apr 2020 08:06:11 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 2ACB6C2122 for ; Thu, 9 Apr 2020 08:06:11 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.101 X-Spam-Level: * X-Spam-Status: No, score=1.101 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLY=1, HTML_MESSAGE=0.2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URI_HEX=0.1] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-he-de.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id e7acEWbDd6j6 for ; Thu, 9 Apr 2020 08:06:09 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2607:f8b0:4864:20::82d; helo=mail-qt1-x82d.google.com; envelope-from=shengchehsiao@gmail.com; receiver= Received: from mail-qt1-x82d.google.com (mail-qt1-x82d.google.com [IPv6:2607:f8b0:4864:20::82d]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 2C5057FA88 for ; Thu, 9 Apr 2020 08:06:09 +0000 (UTC) Received: by mail-qt1-x82d.google.com with SMTP id g7so2063931qtj.13 for ; Thu, 09 Apr 2020 01:06:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=58uSjpPYRX8ADTbcV4oZS3t7ITmwzOfqfd8SwWRjF58=; b=NoeOD42bn0PtkaorXxY5bmDQs2uA9uVq8WcMDT4+HQzubdH2hztUaoyRQP2O3Cl4DJ 9K43iCTS7OiO2W+SWmSAqdYY/FOVNLn0qr3uzA8CUqZnkBrHD8+HVdbQXOTdBvLAsEfX w9NZctzUQbbnLkz+JtdFijGimzcr7fFY/BJPADaZksXWa+bTgIc1usczPjVm/Meh4nVl c4rqozuHRUakwXv1aBqz9NK/qsJUq/5uGApX9R2pY/ogfSkcaMVSKun4Xg2X/PFxD0Oe 0zctZ5pTdP07v6ka1BCQDbhATSZ82+StdsA/IpTpCxxJqMOV+HUwKlXaCykaZdPF2QOW MYuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=58uSjpPYRX8ADTbcV4oZS3t7ITmwzOfqfd8SwWRjF58=; b=Sb/7ibybiPqOkKw9PmGWo6woVsZwoXsrX4IO6lwosbqVH8oKIzKXHjVwEDDPiqGm5B qnE0OKfCPK4NTI7YG+oqd89Hq+g6cc4/mp0+rgVl+1bfBzpa8ZItUKj0fbDLaIChIbxU yaohe/51XzSC235BM0RiCJMrCmz456BtMVACPCDDyJoa49t/YUR3X1VRrnorQmHShMs0 AIH4zlKCKVKohwSAUQG2YbO+Y8NxHP6yWfGB8MLFXwRoXxjSmJdUHLQ3JCfSrfCxiDG7 ZX/6B+7uCP79o0Hx6frSIwWuU8KJKNOD48Ws3jeNk7QblK2UrzYWTcMmipDtMsme3WAa mCjg== X-Gm-Message-State: AGi0Puak5lVEUrhefaikv7U4SE5fWc5Hr4q/6EdSa24t/f61+xMSI116 97V4cvfsYflR5h2mk1k07G74/UKxKKZ2/Y4DzwXtXw== X-Google-Smtp-Source: APiQypI4YQwS6QUcAruF08CfrJmgD0idvYsMiSP3pzI2FZsyPMgDTN1r0kS4IiJ+SVi1GfoTIEDHwFBLJSkSeQj8aLM= X-Received: by 2002:ac8:124b:: with SMTP id g11mr264570qtj.215.1586419567769; Thu, 09 Apr 2020 01:06:07 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Shengche Hsiao Date: Thu, 9 Apr 2020 16:05:56 +0800 Message-ID: Subject: Re: About XML Injection To: users@wicket.apache.org Content-Type: multipart/alternative; boundary="000000000000cd3d4c05a2d71625" --000000000000cd3d4c05a2d71625 Content-Type: text/plain; charset="UTF-8" Thanks On Thu, Apr 9, 2020 at 15:57 Martin Terra wrote: > I'd recommend you simply include it with maven options into your IDE this > way it is always there with you. > > You can googe it, and there are some recent previous wicket threads about > it too: > > http://apache-wicket.1842946.n4.nabble.com/Where-to-download-Javadoc-for-Wicket-8-x-td4683643.html#a4683654 > > ** > Martin > > to 9. huhtik. 2020 klo 10.55 Shengche Hsiao (shengchehsiao@gmail.com) > kirjoitti: > > > I can checkout source from github, but I need some advise to start, > thanks > > > > On Thu, Apr 9, 2020 at 3:36 PM Martin Terra < > > martin.terra@koodaripalvelut.com> wrote: > > > > > You could override some of the methods that do the injecting. Do you > have > > > the wicket sources? > > > > > > ** > > > Martin > > > > > > to 9. huhtik. 2020 klo 10.27 ShengChe Hsiao (front713@gmail.com) > > > kirjoitti: > > > > > > > Dear all > > > > > > > > I use built-in ajax dropdownchoice component, it's default payload is > > xml > > > > entity, but if I need to prevent xml injection ,how can i do? > > > > > > > > > > > > -------------------------------------------------------------------- > > > > -----------------------------------> > > > > To boldly go where no man has gone before. > > > > -------------------------------------------------------------------- > > > > -----------------------------------> > > > > We do this not because it is easy. We do this because it is hard. > > > > ----------------------------------------------------------------- > > > > --------------------------------------> > > > > If I have seen further it is by standing on the shoulders of giants. > > > > ---------------------------------------------------------- > > > > ---------------------------------------------> > > > > front713@gmail.com > > > > > > > > > > > > > > ---------------------------------------------------------------------------------------------> > > > > > > > > > > > > > -- > > > > -----------------------------------------------------------------------> > > We do this not because it is easy. We do this because it is hard. > > -----------------------------------------------------------------------> > > ShengChe Hsiao > > -----------------------------------------------------------------------> > > front713@gmail.com > > front713@tc.edu.tw > > -----------------------------------------------------------------------> > > VoIP : 070-910-2450 > > -----------------------------------------------------------------------> > > > -- -----------------------------------------------------------------------> We do this not because it is easy. We do this because it is hard. -----------------------------------------------------------------------> ShengChe Hsiao -----------------------------------------------------------------------> front713@gmail.com front713@tc.edu.tw -----------------------------------------------------------------------> VoIP : 070-910-2450 -----------------------------------------------------------------------> --000000000000cd3d4c05a2d71625--