Tags
People
Badges
Help-
CORE FRAMEWORK
FEATURED COMPONENTS
-
RESOURCES
-
LEARN ZK
RESOURCES
Hi,
Is there a way to deactivate the auto-generated HTML comment, which is appended to each ZUL response by the zk servlet ? (see the html comment below)
<script type="text/javascript" src="/ssd/zkau/web/48244cbb/js/zk.wpd" charset="UTF-8">
</script>
<script type="text/javascript" src="/ssd/zkau/web/48244cbb/js/zul.lang.wpd" charset="UTF-8">
</script>
<!-- ZK 5.0.12 EE 2012110612 -->
…
Is there something such as a zk “strip comment” library-property to set in zk.xml, a context-param or a init-param for the zk servlet ? For example something similar to JSF technology :
<context-param>
<param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
I'm using both ZK EE 5.x and 6.x version.
Thanks in advance.
Regards,
Saad BENBOUZID
As I know, there is no such configuration in ZK so far. But I think the comment affects nothing. Because it seems it's the only HTML comment generated by zul.
As a matter of fact, our customer pointed this as a security flaw, because displaying zk version exposes the application to all publicly opened issues (http://tracker.zkoss.org/) related to this version, including major and minor security faults.
I think it might be an interesting feature for upcoming releases (?)
@hawk : I had an answer from the technical support. I repost it here so it can help someone else.
Since ZK 6.5.5, we have included a library-property that you can configure and decide if you wish to display the zk version. For your ZK 6 based app please upgrade to 6.5.5 and reference this document to set the property: http://books.zkoss.org/wiki/ZKConfigurationReference/zk.xml/TheLibraryProperties/org.zkoss.zk.ui.versionInfo.enabled.
I am not aware of any way not to display the version for ZK 5, I will take another look and let you know if I have something new on this.
Vincent Jian
The ZK Team
Asked: 2014-07-01 17:25:11 +0800
Seen: 15 times
Last updated: Jul 02 '14
