• Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major Major
    • junit-plugin
    • None
    • Platform: All, OS: All

      In tests I work on, it is common to print URLs as part of the failure message or
      stdout/stderr to refer the failure evaluator to some other resource, e.g. a wiki
      page explaining why this test is significant, or a bug report, or even a
      screenshot captured during the test:

      http://hg.netbeans.org/main/diff/d2e46e3d2b9c/jellytools.platform/src/org/netbeans/jellytools/JellyTestCase.java

      Unfortunately, Hudson's web output does not hyperlink these URLs, so you have to
      copy them and paste them into the Location bar. It would be nice if these were
      automatically detected, and hyperlinked.

          [JENKINS-3225] Hyperlink URLs in JUnit output

          Code changed in hudson
          User: : jglick
          Path:
          trunk/hudson/main/core/src/main/java/hudson/util/HyperlinkingOutTag.java
          trunk/hudson/main/core/src/main/resources/hudson/tasks/junit/CaseResult/index.jelly
          trunk/hudson/main/core/src/test/java/hudson/util/HyperlinkingOutTagTest.java
          http://fisheye4.cenqua.com/changelog/hudson/?cs=16023
          Log:
          [FIXED JENKINS-3225] Hyperlink URLs in JUnit output.

          SCM/JIRA link daemon added a comment - Code changed in hudson User: : jglick Path: trunk/hudson/main/core/src/main/java/hudson/util/HyperlinkingOutTag.java trunk/hudson/main/core/src/main/resources/hudson/tasks/junit/CaseResult/index.jelly trunk/hudson/main/core/src/test/java/hudson/util/HyperlinkingOutTagTest.java http://fisheye4.cenqua.com/changelog/hudson/?cs=16023 Log: [FIXED JENKINS-3225] Hyperlink URLs in JUnit output.

          Code changed in hudson
          User: : jglick
          Path:
          trunk/www/changelog.html
          http://fisheye4.cenqua.com/changelog/hudson/?cs=16024
          Log:
          JENKINS-3225 Noted.

          SCM/JIRA link daemon added a comment - Code changed in hudson User: : jglick Path: trunk/www/changelog.html http://fisheye4.cenqua.com/changelog/hudson/?cs=16024 Log: JENKINS-3225 Noted.

          Kim Randell added a comment -

          jglick Was this lost in the conversion to a plugin? It doesn't seem to work any more.

          Kim Randell added a comment - jglick Was this lost in the conversion to a plugin? It doesn't seem to work any more.

          Jesse Glick added a comment -

          I doubt the plugin split would have mattered, but it could have regressed since then for other reasons. Best to file a separate bug with complete steps to reproduce from scratch, linked to this one.

          Jesse Glick added a comment - I doubt the plugin split would have mattered, but it could have regressed since then for other reasons. Best to file a separate bug with complete steps to reproduce from scratch, linked to this one.

          Kim Randell added a comment -

          Just noticed that it does work correctly when viewing the individual test, but not when expanding All Failed Tests from the main Test Report. I'll report that as a new issue.

           

          Kim Randell added a comment - Just noticed that it does work correctly when viewing the individual test, but not when expanding All Failed Tests from the main Test Report. I'll report that as a new issue.  

          James VanderZouwen added a comment - - edited

          This is no longer working as of latest version of the plugin
          https://github.com/jenkinsci/junit-plugin/pull/458/files# 

          James VanderZouwen added a comment - - edited This is no longer working as of latest version of the plugin https://github.com/jenkinsci/junit-plugin/pull/458/files#  

          This functionality seems to have been removed for security reasons :/

          James VanderZouwen added a comment - This functionality seems to have been removed for security reasons :/

          Andrew Lee added a comment -

          Not being able to include links in JUnit console output is pretty significant hit to usability. We include links in various contexts to help streamline the process of troubleshooting JUnit failures, and having to manually copy/paste them into the address bar every time is quite cumbersome.

           

          Looks like this was a recent, intentional change to address a security issue (SECURITY-2888 / CVE-2022-45380). I notice that the issue states that the conversion to hyperlinks was "done in an unsafe manner". This seems to imply that there is a safe way to accomplish this. Are there any plans to restore this functionality in a way that does not create a stored XSS vulnerability? Also, are there any workarounds that would allow us to display hyperlinks in some other way?

          Andrew Lee added a comment - Not being able to include links in JUnit console output is pretty significant hit to usability. We include links in various contexts to help streamline the process of troubleshooting JUnit failures, and having to manually copy/paste them into the address bar every time is quite cumbersome.   Looks like this was a recent, intentional change to address a security issue (SECURITY-2888 / CVE-2022-45380). I notice that the issue states that the conversion to hyperlinks was "done in an unsafe manner". This seems to imply that there is a safe way to accomplish this. Are there any plans to restore this functionality in a way that does not create a stored XSS vulnerability? Also, are there any workarounds that would allow us to display hyperlinks in some other way?

          Jesse Glick added a comment -

          We include links in various contexts to help streamline the process of troubleshooting JUnit failures

          Not sure if it is applicable in your case, but tip: https://plugins.jenkins.io/junit-attachments/

          Jesse Glick added a comment - We include links in various contexts to help streamline the process of troubleshooting JUnit failures Not sure if it is applicable in your case, but tip: https://plugins.jenkins.io/junit-attachments/

          Julie Heard added a comment -

          If this is the same issue as JENKINS-59846 I have done a PR to fix here: https://github.com/jenkinsci/junit-plugin/pull/555 Please give any feedback and I can tweak the level of sanitizing the URLs

          Julie Heard added a comment - If this is the same issue as JENKINS-59846 I have done a PR to fix here: https://github.com/jenkinsci/junit-plugin/pull/555 Please give any feedback and I can tweak the level of sanitizing the URLs

            Unassigned Unassigned
            jglick Jesse Glick
            Votes:
            3 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: