JENKINS-46606

Stash-pullrequest-builder-plugin describes the job with verbatim HTML markup

      Description

      Maybe related to recent security revisions in Jenkins core: the job description provided by the Stash-pullrequest-builder-plugin (I guess) is posted as verbatim HTML markup of the a-href tag, with the URL of the PR web interface enclosing the title of the PR. This HTML markup ends up visible in both the Jenkins interface (list of built jobs on the left) and in the Stash Notifications plugin reports posted back to Stash (not the PR comments written by Stash-pullrequest-builder-plugin, but the "X builds failed" summary and the popup that details it in the Stash web GUI).

       

      From suggestions in issue search, this may be related to JENKINS-22028, and if so - maybe the fix is to update documentation (Wiki page for the plugin).

          Activity

          jimklimov Jim Klimov added a comment -

          Hints from https://issues.jenkins-ci.org/browse/JENKINS-22028 helped indeed, for the job list. Notifications posted via Stash Notification plugin are still passed with verbatim HTML though.

          Wiki doc not yet updated to pass this hint.

          proski Pavel Roskin added a comment -

          I don't see any issues with the text posted to the Stash PR pages.

          The job descriptions in Jenkins GUI are indeed not rendered by default. To make them show correctly, install "OWASP Markup Formatter Plugin" and enable HTML markup in Manage Jenkins -> Configure Global Security.
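
Added example, not part of the issue thread and not Jenkins or plugin code: a simplified Python model of the two behaviours discussed above, a default formatter that escapes the description (so the `<a href>` markup is shown verbatim) and an allowlist formatter that renders the link while dropping active content. The allowlist, the function names and the sample URL are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Assumed allowlist standing in for a "safe HTML" policy (not the plugin's real policy).
ALLOWED = {"a": {"href"}, "b": set(), "i": set(), "p": set(), "br": set()}
SAFE_PREFIXES = ("http://", "https://")
DROP_WITH_CONTENT = {"script", "style"}

# Constructed sample: the kind of description the issue reports (link wrapping a PR title).
SAMPLE = '<a href="https://stash.example.test/projects/P/repos/r/pull-requests/7">Fix login</a>'

def escape_description(desc):
    """Plain-text model: markup is escaped, so the browser shows the tags literally."""
    return html.escape(desc, quote=True)

class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED:
            kept = ""
            for name, value in attrs:
                if name not in ALLOWED[tag] or value is None:
                    continue  # drops event handlers such as onclick
                if name == "href" and not value.strip().lower().startswith(SAFE_PREFIXES):
                    continue  # drops javascript:, data: and relative URLs
                kept += f' {name}="{html.escape(value, quote=True)}"'
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data, quote=False))

def sanitize_description(desc):
    """Safe-HTML model: allowlisted tags survive, everything else is dropped or escaped."""
    parser = _Sanitizer()
    parser.feed(desc)
    parser.close()
    return "".join(parser.out)
```

Escaping by default is the conservative choice for text that a plugin builds from externally supplied data such as a PR title; the allowlist path is what turns the same description back into a working link.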

          jimklimov Jim Klimov added a comment -

          Indeed, lately (for many months) I do not remember seeing this issue in practice, so either it got fixed or some plugin impacting it got fixed or installed (like you suggest).

          I'll close this as I currently can't reproduce for e.g. a screenshot of the problem. Links from the list of builds, and links from top of each build's own page, are working links and not raw markup.


            People

            Assignee:
            jimklimov Jim Klimov
            Reporter:
            jimklimov Jim Klimov