| h3. Ancestors |
| |
| Suppose on a user profile panel we have the following code: |
| |
| {code} |
| queue(new Label("first")); |
| queue(new Label("last")); |
| |
| WebMarkupContainer secure=new WebMarkupContainer("secure") { |
| void onConfigure() { |
| super.onConfigure(); |
| setVisible(isViewingOwnProfile()); |
| } |
| }; |
| |
| queue(secure); |
| secure.queue(new Label("creditCardNumber")); |
| secure.queue(new Label("creditCardExpiry")); |
| {code} |
| |
| What is to prevent someone with access to markup from moving the @creditCardNumber@ label out of the @secure@ div, causing a big security problem for the site? |
| |
| Wicket will only dequeue components either to the component they are queued to or any of its descendants. |
| |
| In the code above this is the reason why we queued the @creditCardNumber@ label into the @secure@ container. That means it can only be dequeued into the @secure@ container’s hierarchy. |
| |
| This restriction allows developers to enforce certain parent-child relationships in their code. |
| |
| h3. Regions |
| |
| Dequeuing of components will not happen across components that implement the @org.apache.wicket.IQueueRegion@ interface. This interface is implemented by all components that provide their own markup such as: @Page@, @Panel@, @Border@, @Fragment@. This is done so that if both a page and panel contain a component with id @foo@ the one queued into the page will not be dequeued into the panel. This minimizes confusion and debugging time. The rule so far is that if a component provides its own markup only components queued inside it will be dequeued into it. |
