Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-51970

SafeHTML description rendered drops hyperlinks using URIs like irc, ssh,...

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Apparently you can put a `<a href="https://example.com">example.com</a> inside build description but if you try URLs like ssh://example.com or irc://chanell it would strip them from the output.

      Having URIs inside a way page is not insecure and it should not be up to the SafeHTML to drop them. These URI are handled by external applications and is up to the browser to assure their security as they have to affect on security of the web server itself.

      Because these are dropped the overall user experience is crippled as it prevents job maintainers to provide smart links that could help developers debug the issues.

      List of URIs that should be allowed (maybe any URI should be allowed because different applications can develop their own URI handlers):

      • irc://
      • ssh://
      • finger://
      • slack://

       

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            ssbarnea Sorin Sbarnea
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated: