-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Minor
-
Component/s: extensible-choice-parameter-plugin
-
Environment:extensible-choice-parameter-1.3.3
Jenkins >= 2.32.2
Jenkins >= 2.44
HTMLs in the description is no longer displayed without escaping for SECURITY-353.
To fix:
- use `ParameterDefinition#getFormattedDescription` introduced in Jenkins-1.521.
- 1.532 is the least LTS.
- Set `escapeEntryTitleAndDescription` to false.
It might be useful if itroducing the previewing feature like this:
<f:textarea name="parameter.description" value="${instance.description}" codemirror-mode="${app.markupFormatter.codeMirrorMode}" codemirror-config="${app.markupFormatter.codeMirrorConfig}" previewEndpoint="/markupFormatter/previewDescription" />
- This is introduced since Jenkins-1.554.
- is related to
-
-
- Resolved
-
