
Plugin name doesn't match UI, docs stale


      Description

      The Jenkins UI and docs refer to the "Safe HTML" markup formatter. But there is really no such thing.

      It is implemented by the "OWASP Markup Formatter Plugin" (which links to "plugins.jenkins.io/antisamy-markup-formatter").

      The "jenkinsci/antisamy-markup-formatter project has a 1.5 tag", and appears to be what Jenkins bundles.

      The plugin site mentions that policies are configurable, but there's no UI to configure policies. The "file with the extension in it, confusingly named RawHtmlMarkupFormatter" appears to have had any pluggability cut out, but the comment still reflects the old support:

          // Use the policy defined above to sanitize the HTML.
          HtmlSanitizer.sanitize(markup, MyspacePolicy.POLICY_DEFINITION.apply(renderer));

      so in practice it looks like you can only use the copy of the MyspacePolicy embedded in the plugin code.

      Hopefully this helps the next person who is utterly confused by this, when trying to figure out how to configure the "Safe HTML" formatter policy, allow additional tags in the "Safe HTML" markup formatter in Jenkins, etc.
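
Since the bundled formatter is hard-wired to MyspacePolicy, a different allowlist means a separate MarkupFormatter extension. The sketch below is an added example, not code from the plugin or from the reporter: the package, class name, display name and the extra elements are hypothetical, and it assumes a Jenkins plugin project with the OWASP Java HTML Sanitizer on its classpath.

```java
package example.markup; // hypothetical package

import hudson.Extension;
import hudson.markup.MarkupFormatter;
import hudson.markup.MarkupFormatterDescriptor;
import java.io.IOException;
import java.io.Writer;
import org.kohsuke.stapler.DataBoundConstructor;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

/** Hypothetical formatter that uses its own allowlist instead of the embedded MyspacePolicy. */
public class ExtendedSafeHtmlFormatter extends MarkupFormatter {

    // Allowlist only: elements and attributes not named by one of these
    // policies (script, event-handler attributes, iframes, ...) are dropped.
    private static final PolicyFactory POLICY = Sanitizers.FORMATTING
            .and(Sanitizers.BLOCKS)
            .and(Sanitizers.LINKS)
            .and(new HtmlPolicyBuilder()
                    // The additional tags this example chooses to permit (assumption).
                    .allowElements("pre", "details", "summary")
                    .toFactory());

    @DataBoundConstructor
    public ExtendedSafeHtmlFormatter() {
    }

    @Override
    public void translate(String markup, Writer output) throws IOException {
        if (markup == null) {
            return; // nothing to render
        }
        // Sanitize first, then write; unsanitized input never reaches the page.
        output.write(POLICY.sanitize(markup));
    }

    @Extension
    public static class DescriptorImpl extends MarkupFormatterDescriptor {
        @Override
        public String getDisplayName() {
            // Distinct label so it cannot be confused with the bundled "Safe HTML".
            return "Safe HTML (extended allowlist, example)";
        }
    }
}
```

Every element added to the allowlist widens what users with description-edit rights can render, so each addition should be reviewed like any other change to an XSS control.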

          Activity

          ringerc Craig Ringer created issue -
          ringerc Craig Ringer made changes -
          Field Original Value New Value
          Description
          ringerc Craig Ringer made changes -
          Issue Type Bug [ 1 ] Improvement [ 4 ]
          ringerc Craig Ringer made changes -
          Issue Type Improvement [ 4 ] Patch [ 5 ]
          danielbeck Daniel Beck made changes -
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Closed [ 6 ]

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            ringerc Craig Ringer
            Votes:
            0
            Watchers:
            2