JENKINS-54124

Raw HTML when Stapler Security Hardening enabled

      Description

      After upgrading to 2.138.2 all links in columns are shown in raw HTML.  Looks like setting system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false as noted here doesn't help.

      Setting org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false helps.

          Activity

          danielbeck Daniel Beck added a comment -

          Looks like setting system property org.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault to false as noted here doesn't help.

          Don't set it in the script console, set it on startup, before the UI could be cached.

          howaboutno Yura Kovalenko added a comment -

          Daniel Beck thanks, was my bad - needed to full-restart Jenkins with "service jenkins restart"

          danielbeck Daniel Beck added a comment - Context: https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+2018-10-10+Stapler+security+hardening

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            howaboutno Yura Kovalenko