Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42902

HTML in description is always escaped

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • None
    • matrix-combinations-parameter-1.1.0
      Jenkins >= 2.32.2
      Jenkins >= 2.44

      HTMLs in the description is no longer displayed without escaping for SECURITY-353.

      To fix:

      • use `ParameterDefinition#getFormattedDescription` introduced in Jenkins-1.521.
        • 1.532 is the least LTS.
      • Set `escapeEntryTitleAndDescription` to false.

      It might be useful if itroducing the previewing feature like this:

          <f:textarea name="parameter.description" value="${instance.description}" codemirror-mode="${app.markupFormatter.codeMirrorMode}" codemirror-config="${app.markupFormatter.codeMirrorConfig}" previewEndpoint="/markupFormatter/previewDescription" />
      
      • This is introduced since Jenkins-1.554.

            ikedam ikedam
            ikedam ikedam
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: