Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42903

HTML in description is always escaped

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • extensible-choice-parameter-plugin
    • None
    • extensible-choice-parameter-1.3.3
      Jenkins >= 2.32.2
      Jenkins >= 2.44

      HTMLs in the description is no longer displayed without escaping for SECURITY-353.

      To fix:

      • use `ParameterDefinition#getFormattedDescription` introduced in Jenkins-1.521.
        • 1.532 is the least LTS.
      • Set `escapeEntryTitleAndDescription` to false.

      It might be useful if itroducing the previewing feature like this:

          <f:textarea name="parameter.description" value="${instance.description}" codemirror-mode="${app.markupFormatter.codeMirrorMode}" codemirror-config="${app.markupFormatter.codeMirrorConfig}" previewEndpoint="/markupFormatter/previewDescription" />
      • This is introduced since Jenkins-1.554.

        1. image-2017-03-27-13-47-34-456.png
          image-2017-03-27-13-47-34-456.png
          67 kB

            ikedam ikedam
            ikedam ikedam
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: