Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-54124

Raw HTML when Stapler Security Hardening enabled

      After upgrading to 2.138.2 all links in columns are shown in raw HTML.  Looks like setting system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false as noted here doesn't help.

      Setting org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false helps.

          [JENKINS-54124] Raw HTML when Stapler Security Hardening enabled

          Daniel Beck added a comment -

          Looks like setting system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false as noted here doesn't help.

          Don't set it in the script console, set it on startup, before the UI could be cached.

          Daniel Beck added a comment - Looks like setting system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false as noted here  doesn't help. Don't set it in the script console, set it on startup, before the UI could be cached.

          danielbeck thanks, was my bad - needed to full-restart Jenkins with "service jenkins restart"

          Yura Kovalenko added a comment - danielbeck thanks, was my bad - needed to full-restart Jenkins with "service jenkins restart"

          Daniel Beck added a comment -

          Daniel Beck added a comment - Context: https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+2018-10-10+Stapler+security+hardening

            Unassigned Unassigned
            howaboutno Yura Kovalenko
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: