• Type: Bug
• Resolution: Fixed
• Priority: Minor
• extensible-choice-parameter-1.3.3
  Jenkins >= 2.32.2
  Jenkins >= 2.44

      HTML in the description is no longer displayed without escaping, because of SECURITY-353.

      To fix:

      • use `ParameterDefinition#getFormattedDescription` introduced in Jenkins-1.521.
        • 1.532 is the earliest LTS.
      • Set `escapeEntryTitleAndDescription` to false.

      It might be useful to introduce a previewing feature like this:

          <f:textarea name="parameter.description" value="${instance.description}" codemirror-mode="${app.markupFormatter.codeMirrorMode}" codemirror-config="${app.markupFormatter.codeMirrorConfig}" previewEndpoint="/markupFormatter/previewDescription" />
      
      • This is introduced since Jenkins-1.554.
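      As an added example (not the plugin's own jelly and not part of this issue), this is how the two steps above combine in a parameter definition's index.jelly; placing `escapeEntryTitleAndDescription` directly on `f:entry`, the `h.escape` helper and the hidden `name` input are assumptions about the form taglib:

```xml
<!-- Added example, not the plugin's own index.jelly. -->

<!-- Before: the raw description is passed straight to f:entry.
     On Jenkins < 2.32.2 any HTML in it was rendered unescaped (the SECURITY-353 risk);
     on Jenkins >= 2.32.2 / 2.44 core escapes it unconditionally, which is this bug. -->
<f:entry title="${it.name}" description="${it.description}">
  <div name="parameter">
    <input type="hidden" name="name" value="${it.name}" />
    <!-- the parameter's input control goes here -->
  </div>
</f:entry>

<!-- After: escape the name explicitly and render the description through the
     globally configured MarkupFormatter via getFormattedDescription() (Jenkins >= 1.521).
     Only then is it safe to turn off core's blanket escaping with
     escapeEntryTitleAndDescription="false" (assumed here to be an f:entry attribute). -->
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}"
         escapeEntryTitleAndDescription="false">
  <div name="parameter">
    <input type="hidden" name="name" value="${it.name}" />
    <!-- the parameter's input control goes here -->
  </div>
</f:entry>
```

With the global markup formatter left at its default (plain text), `formattedDescription` still escapes everything, so the HTML shows as text until an administrator chooses a sanitizing formatter such as Safe HTML.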

          [JENKINS-42903] HTML in description is always escaped

          bright.ma added a comment - - edited

          I met this issue on my jenkins.

          jenkins 2.32.3
          extensible-choice-parameter-1.3.4


          ikedam added a comment - https://github.com/jenkinsci/extensible-choice-parameter-plugin/pull/31

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: ikedam
          Path:
          pom.xml
          src/test/java/jp/ikedam/jenkins/plugins/extensible_choice_parameter/ExtensibleChoiceParameterDefinitionJenkinsTest.java
          http://jenkins-ci.org/commit/extensible-choice-parameter-plugin/141d90c373eccf9a8c3c497764407479f0e74bff
          Log:
          JENKINS-42903 Add tests to reproduce JENKINS-42903: HTML texts are not properly escaped

          This results in HTML texts always being escaped since Jenkins >= 2.32.2.


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: ikedam
          Path:
          src/main/resources/jp/ikedam/jenkins/plugins/extensible_choice_parameter/ExtensibleChoiceParameterDefinition/config.jelly
          src/main/resources/jp/ikedam/jenkins/plugins/extensible_choice_parameter/ExtensibleChoiceParameterDefinition/index.jelly
          http://jenkins-ci.org/commit/extensible-choice-parameter-plugin/c781e2016331f2d8c4634d6a970a3dd77608c2d2
          Log:
          [FIXED JENKINS-42903] Sanitize parameter names and descriptions


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: ikedam
          Path:
          pom.xml
          src/main/resources/jp/ikedam/jenkins/plugins/extensible_choice_parameter/ExtensibleChoiceParameterDefinition/config.jelly
          src/main/resources/jp/ikedam/jenkins/plugins/extensible_choice_parameter/ExtensibleChoiceParameterDefinition/index.jelly
          src/test/java/jp/ikedam/jenkins/plugins/extensible_choice_parameter/ExtensibleChoiceParameterDefinitionJenkinsTest.java
          http://jenkins-ci.org/commit/extensible-choice-parameter-plugin/cbd310dea0974c4b6723a9d73b362cadb0f0fece
          Log:
          Merge pull request #31 from ikedam/feature/JENKINS-42903_SanitizeHtml

          JENKINS-42903 Sanitize names and descriptions

          Compare: https://github.com/jenkinsci/extensible-choice-parameter-plugin/compare/4a447650fbba...cbd310dea097


          ikedam added a comment -

          This change is included in extensible-choice-parameter-1.4.1.
          It will be available in the update center in a day.


            ikedam ikedam
            Votes: 2
            Watchers: 5