-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
matrix-combinations-parameter-1.1.0
Jenkins >= 2.32.2
Jenkins >= 2.44
HTMLs in the description is no longer displayed without escaping for SECURITY-353.
To fix:
- use `ParameterDefinition#getFormattedDescription` introduced in Jenkins-1.521.
- 1.532 is the least LTS.
- Set `escapeEntryTitleAndDescription` to false.
It might be useful if itroducing the previewing feature like this:
<f:textarea name="parameter.description" value="${instance.description}" codemirror-mode="${app.markupFormatter.codeMirrorMode}" codemirror-config="${app.markupFormatter.codeMirrorConfig}" previewEndpoint="/markupFormatter/previewDescription" />
- This is introduced since Jenkins-1.554.
- is related to
-
-
- Resolved
-
[JENKINS-42902] HTML in description is always escaped
ikedam
added a comment - https://github.com/jenkinsci/matrix-combinations-plugin/pull/22 Code changed in jenkins
User: ikedam
Path:
src/test/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinitionTest.java
src/test/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValueTest.java
src/test/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsRebuildParameterProviderTest.java
http://jenkins-ci.org/commit/matrix-combinations-plugin/e61298ef58456abcfa2e09bf19298757d691c549
Log:
JENKINS-42902 Add tests to reproduce SECURITY-353
Code changed in jenkins
User: ikedam
Path:
pom.xml
src/main/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValue.java
src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinition/config.jelly
src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinition/index.groovy
src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValue/rebuild.groovy
src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValue/value.groovy
http://jenkins-ci.org/commit/matrix-combinations-plugin/732841c5a67bab898e4dd6d7f4b08a81e28eaa3f
Log:
[FIXED JENKINS-42902] Sanitize parameter names and descriptions
Code changed in jenkins
User: ikedam
Path:
src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinition/config.jelly
http://jenkins-ci.org/commit/matrix-combinations-plugin/cabe08ab7a000a835f41950653e41348f020aa7c
Log:
JENKINS-42902 Disable codemirror
codemirror feature for dynamic fragments are affected by JENKINS-23026 till Jenkins 1.597.
Code changed in jenkins
User: ikedam
Path:
pom.xml
src/main/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValue.java
src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinition/config.jelly
src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinition/index.groovy
src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValue/rebuild.groovy
src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValue/value.groovy
src/test/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinitionTest.java
src/test/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValueTest.java
src/test/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsRebuildParameterProviderTest.java
http://jenkins-ci.org/commit/matrix-combinations-plugin/92487b29478c8b2cf296889cb25c5292f2b9dc55
Log:
Merge pull request #22 from ikedam/feature/JENKINS-42902_htmlEscape
JENKINS-42902 Sanitize names and descriptions
Compare: https://github.com/jenkinsci/matrix-combinations-plugin/compare/3b978dacf725...92487b29478c
ParameterValue#getFormattedDescription is introduced since 2.32.2, 2.44. (0b471b7)