Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55790

Enable opt-out of RawHtmlMarkupFormatter processing

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • badge-plugin
    • None
    • badge-plugin 1.5 and newer
    • badge-1.8

      Commit 63a7744cef33338e62898576a50bcc521d76ba9f (in support of SECURITY-906) filters text passed to BadgeSummaryAction.appendText() through a RawHtmlMarkupFormatter, which prevents arbitrary URI schemes being rendered as hrefs (only http/mailto seem to be supported).

      I appreciate the intent behind this change, but for people who rely on being able to provide hyperlinked text to arbitrary URI schemes, it would be really useful to explicitly disable this (resulting in a call to getRawHtml() instead).

      The current implementation is a (very) reasonable default, but I would like the ability to explicitly select "give me the unsanitized HTML".

            bakito Marc Brugger
            tskrainar Tom Skrainar
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: