Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-19457

Buggy plugin implementations break job configuration too easily

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • core
    • None

      The implementation of registerValidator() in hudson-behavior.js blindly pushes content from the Job configuration (attribute=checkUrl) into an eval() if the attribute "checkDependsOn" is absent.

      In cases where a plugin has no JavaScript in "checkUrl" but a plain URL String the eval() call fails as the content is interpreted as RegEx with invalid flags.

      Here is the current code in Question at line 414 to 424:

      var url = this.getAttribute("checkUrl");
var depends = this.getAttribute("checkDependsOn");

if (depends==null) {// legacy behaviour where checkUrl is a JavaScript
    return eval(url); // need access to 'this', so no 'geval'
} else {
//...

      A simple fix to prevent the breakdown of the overall Job Configuration could be achieved as follows:

      var url = this.getAttribute("checkUrl");
var depends = this.getAttribute("checkDependsOn");

if (depends==null) {// legacy behaviour where checkUrl is a JavaScript
  try {
    return eval(url); // need access to 'this', so no 'geval'
  } catch(e) {
    return url; // if the URL is not JavaScript, simply return the URL
  }
} else {
//...

      This fix or a similar approach would make the UI more robust and less fragile, especially as the core application relies on external (plugin) code.

            Unassigned Unassigned
            jabbrwcky Jens Hausherr
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: