Dependencies are updated; Javadoc warnings were fixed; Failing test was disabled #1175

Open
wants to merge 1 commit into
base: wicket-10.x-bootstrap-5.x

@solomax solomax commented Dec 20, 2024

No description provided.

@pedrosans

Hi Maxim,

In the work to fix the CVE-2024-53299, BasicResourceReferenceMapper was changed to only create ResourceReference for requests made for scope/name pairs matching a package resource. Because wicket-bootstrap-sass creates ResourceReference objects to resources in the servlet context instead, this test for sanity in the URL parameters fails and a ContextRelativeSassResourceReference is never created for the scope/name. I can:

1 - change the sanitization check to be extendable in wicket-core
2 - extend the sanitization check in wicket-bootstrap-sass to test for the ContextRelativeSassResourceReference#CONTEXT_RELATIVE_SASS_REFERENCE_VARIATION flag in the URL

Unfortunately I can't imagine a way to fix the failing test/issue in the current version.

@pedrosans

for reference: apache/wicket#1060
