• Patch
    • Resolution: Fixed
    • Minor
    • None
    • Jenkins 2.138.2, OWASP Markup Formatter Plugin 1.5

      The Jenkins UI and docs refer to the "Safe HTML" markup formatter. But there is really no such thing.

      It is implemented by the "OWASP Markup Formatter Plugin" (which links to "plugins.jenkins.io/antisamy-markup-formatter").

      The "jenkinsci/antisamy-markup-formatter project has a 1.5 tag", and appears to be what Jenkins bundles.

      The plugin site mentions that policies are configurable, but there's no UI to configure policies. The "file with the extension in it, confusingly named RawHtmlMarkupFormatter" appears to have had any pluggability cut out, but the comment still reflects the old support:

      // Use the policy defined above to sanitize the HTML.
      HtmlSanitizer.sanitize(markup, MyspacePolicy.POLICY_DEFINITION.apply(renderer));

      so in practice it looks like you can only use the copy of the MyspacePolicy embedded in the plugin code.

      Hopefully this helps the next person who is utterly confused by this, when trying to figure out how to configure the "Safe HTML" formatter policy, allow additional tags in the "Safe HTML" markup formatter in Jenkins, etc.

          [JENKINS-54361] Plugin name doesn't match UI, docs stale

          Craig Ringer added a comment -

          I updated the wiki page.

          I don't have the access to update the plugins page, or the github repository's descriptive text. Both should really be changed to mention the three names it gets referred to, and the fact it's not configurable (anymore?).

          Craig Ringer added a comment -

          Created pull for the github repo: https://github.com/jenkinsci/antisamy-markup-formatter-plugin/pull/8

          Daniel Beck added a comment -

          Seems obsolete now, and https://github.com/jenkinsci/antisamy-markup-formatter-plugin/pull/19 should address it even further.

            Unassigned Unassigned
            ringerc Craig Ringer