[JENKINS-44987] List view section name do not resolve <div> tag anymore

Type: Bug
Resolution: Fixed
Priority: Minor
Component/s: sectioned-view-plugin
Labels:
None
Environment:
Jenkins ver. 2.46.3 LTS
All plugins up-to-date
Windows server 2012

Similar Issues:
Powered by SuggestiMate

Show

After we migrated from V2.46.2 to V2.46.3 and updated all plugins the sectioned views do not display like before.

The name field do not display this kind of syntax anymore :

<div id="unstable_fitnesse_builds">Unstable FitNesse Builds</div>

Thanks for your help.

./Frederic

is duplicated by

JENKINS-45523 Sections title do not render HTML anymore (even with "anything-goes-formatter")

Closed

Oliver Gondža added a comment - 2017-07-11 08:39

This was disallowed explicitly as any markup or javascript could have been added.

Oliver Gondža added a comment - 2017-07-11 08:39 This was disallowed explicitly as any markup or javascript could have been added.

Frédéric Meyrou added a comment - 2017-07-11 11:49 - edited

Thanks Olivier for this information. Security limitations are becoming a big hasshole... any chance we can continue to just work with Jenkins...when we use it with a less secure internal network agreement level?

Frédéric Meyrou added a comment - 2017-07-11 11:49 - edited Thanks Olivier for this information. Security limitations are becoming a big hasshole... any chance we can continue to just work with Jenkins...when we use it with a less secure internal network agreement level?

Oliver Gondža added a comment - 2017-07-11 11:53 - edited

I suspect this "feature" was introduced by accident when html escaping was simply forgotten. The proper way to bring it back is to push the name through administrator configured formatter that can be more or less strict about what you pass in depending on how you feel about security.

Oliver Gondža added a comment - 2017-07-11 11:53 - edited I suspect this "feature" was introduced by accident when html escaping was simply forgotten. The proper way to bring it back is to push the name through administrator configured formatter that can be more or less strict about what you pass in depending on how you feel about security.

SCM/JIRA link daemon added a comment - 2017-08-17 14:55

Code changed in jenkins
User: Oliver Gondža
Path:
pom.xml
src/main/java/hudson/plugins/sectioned_view/SectionedViewSection.java
src/main/resources/hudson/plugins/sectioned_view/JobGraphsSection/main.jelly
src/main/resources/hudson/plugins/sectioned_view/ListViewSection/main.jelly
src/main/resources/hudson/plugins/sectioned_view/TestResultViewSection/main.jelly
src/main/resources/hudson/plugins/sectioned_view/TextSection/main.jelly
src/main/resources/hudson/plugins/sectioned_view/ViewListingSection/main.jelly
src/test/java/hudson/plugins/sectioned_view/SectionedViewTest.java
http://jenkins-ci.org/commit/sectioned-view-plugin/8524de2b59206de1aa7ca2d6d6eabe3ce09d8510
Log:
[FIXED JENKINS-44987] Push section names through markup formatter

SCM/JIRA link daemon added a comment - 2017-08-17 14:55 Code changed in jenkins User: Oliver Gondža Path: pom.xml src/main/java/hudson/plugins/sectioned_view/SectionedViewSection.java src/main/resources/hudson/plugins/sectioned_view/JobGraphsSection/main.jelly src/main/resources/hudson/plugins/sectioned_view/ListViewSection/main.jelly src/main/resources/hudson/plugins/sectioned_view/TestResultViewSection/main.jelly src/main/resources/hudson/plugins/sectioned_view/TextSection/main.jelly src/main/resources/hudson/plugins/sectioned_view/ViewListingSection/main.jelly src/test/java/hudson/plugins/sectioned_view/SectionedViewTest.java http://jenkins-ci.org/commit/sectioned-view-plugin/8524de2b59206de1aa7ca2d6d6eabe3ce09d8510 Log: [FIXED JENKINS-44987] Push section names through markup formatter

Krip added a comment - 2017-08-17 15:47

Thanks olivergondza for the fix !

Krip added a comment - 2017-08-17 15:47 Thanks olivergondza for the fix !

Assignee:: Timothy Bingaman

Reporter:: Frédéric Meyrou

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2017-06-20 06:01

Updated:: 2017-08-17 15:47

Resolved:: 2017-08-17 14:55

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Oliver Gondža added a comment - 2017-07-11 08:39

Expand comment: Oliver Gondža added a comment - 2017-07-11 08:39

Collapse comment: Frédéric Meyrou added a comment - 2017-07-11 11:49, Edited by Frédéric Meyrou - 2017-07-11 11:49

Expand comment: Frédéric Meyrou added a comment - 2017-07-11 11:49, Edited by Frédéric Meyrou - 2017-07-11 11:49

Collapse comment: Oliver Gondža added a comment - 2017-07-11 11:53, Edited by Oliver Gondža - 2017-07-11 11:54

Expand comment: Oliver Gondža added a comment - 2017-07-11 11:53, Edited by Oliver Gondža - 2017-07-11 11:54

Collapse comment: SCM/JIRA link daemon added a comment - 2017-08-17 14:55

Expand comment: SCM/JIRA link daemon added a comment - 2017-08-17 14:55

Collapse comment: Krip added a comment - 2017-08-17 15:47

Expand comment: Krip added a comment - 2017-08-17 15:47

People

Dates