Buggy plugin implementations break job configuration too easily

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

      The implementation of registerValidator() in hudson-behavior.js blindly pushes content from the Job configuration (attribute=checkUrl) into an eval() if the attribute "checkDependsOn" is absent.

      In cases where a plugin has no JavaScript in "checkUrl" but a plain URL String the eval() call fails as the content is interpreted as RegEx with invalid flags.

      Here is the current code in Question at line 414 to 424:

      var url = this.getAttribute("checkUrl");
var depends = this.getAttribute("checkDependsOn");

if (depends==null) {// legacy behaviour where checkUrl is a JavaScript
    return eval(url); // need access to 'this', so no 'geval'
} else {
//...

      A simple fix to prevent the breakdown of the overall Job Configuration could be achieved as follows:

      var url = this.getAttribute("checkUrl");
var depends = this.getAttribute("checkDependsOn");

if (depends==null) {// legacy behaviour where checkUrl is a JavaScript
  try {
    return eval(url); // need access to 'this', so no 'geval'
  } catch(e) {
    return url; // if the URL is not JavaScript, simply return the URL
  }
} else {
//...

      This fix or a similar approach would make the UI more robust and less fragile, especially as the core application relies on external (plugin) code.

            Assignee:
            Unassigned
            Reporter:
            Jens Hausherr
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: