
antisamy-markup-formatter-plugin v2.0 filters input fields from uno-choice plugin

      With Active Choices and OWASP Markup Formatter Plugin v2.0 installed, "input" elements are being stripped from "Formatted HTML" parameters.  This is not an issue with OWASP Markup Formatter Plugin v1.8.  Since this is one of the main use-cases of the Active Choices plugin, I assume this is a bug.  There also doesn't seem to be a way to configure the markup formatter that the Active Choices plugin uses.


      Attached are screenshots of the parameter config, the working "input" field with v1.8, and the missing input field with v2.0.

Attachments:

1. parameter-config.png
2. markup-formatter-1.8.png
3. markup-formatter-2.0.png
4. bruno-screenshot-1.png
5. bruno-screenshot-2.png
6. bruno-screenshot-3.png


          Andrew Potter created issue -

Bruno P. Kinoshita added a comment -

Thanks for the report and for taking your time to provide a detailed description and screenshots.

We were preparing a release for the next days (waiting till a pending pull request gets reviewed/tested by other maintainers). I will try to include some time to take a look and try to reproduce/fix this one.

Bruno

Ioannis Moutsatsos added a comment -

apottere first I would upgrade Active Choices to the latest release.

I have used antisamy-markup-formatter v2.0 successfully with Active Choices v2.2.3 on Jenkins LTS v2.222.1.

Please, make sure that in Jenkins 'Configure Global Security' the Markup Formatter option is set to 'Safe HTML'. Hope this helps.

Andrew Potter added a comment - edited

ioannis The issue occurs whether the Markup Formatter option is set to Plain Text or Safe HTML.

I wasn't able to find version 2.2.3 of the Active Choices plugin, either in GitHub Releases (https://github.com/jenkinsci/active-choices-plugin/releases) or the update site (https://updates.jenkins.io/download/plugins/uno-choice/). From the README (https://github.com/jenkinsci/active-choices-plugin#version-23-2020) it looks like 2.3 is the next pending version.

Ioannis Moutsatsos added a comment -

apottere It's possible that I have an intermediate AC snapshot, as I usually do some testing before the final release. Nonetheless, I seriously doubt that the issue will turn out to be Active Choices itself. You seem to have isolated the issue to the antisamy-markup-formatter-plugin v2.0, but all I'm saying is that this version works for me and my (rather permissive) Jenkins instance.

I use the following Jenkins startup parameters that you may also want to test. I suspect that the CustomJellyContext may be of special interest here.

-Dhudson.model.DirectoryBrowserSupport.CSP= -Dorg.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault="false"

Andrew Potter added a comment -

ioannis sorry, I must have missed the email for your comment. I created a git repo with a run script, the current versions of both plugins, and the java opts you specify. When I run it, the input field is not displayed.

https://github.com/apottere/JENKINS-62215

I also included ".bak" versions of both plugins, which are the older (working) versions. Let me know if you get different results.

Andrew Potter added a comment -

It looks like this was an intentional change in the markup-formatter plugin: https://github.com/jenkinsci/antisamy-markup-formatter-plugin/pull/12

It really seems like there's no way you should be able to see `input` fields with any version of the Active Choices plugin after that markup formatter update. Either this issue should be fixed or the docs for Active Choices should be updated to make it clear that using form fields is no longer an option with the groovy sandbox (and the corresponding sanitation).
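As an added illustration of the behaviour discussed in this thread (example code, not from either plugin; the two allowlists are constructed assumptions, not the real v1.8/v2.0 policies), a minimal allowlist sanitizer shows why an `input` element disappears once form controls leave the policy, and reports which tags a Formatted HTML parameter would lose:

```python
import html
from html.parser import HTMLParser

# Constructed allowlists (assumptions for the demo): one that still admits
# form controls, and one that drops them, mirroring the v1.8 -> v2.0 change.
POLICY_WITH_FORMS = {"a", "b", "br", "div", "i", "label", "p", "span",
                     "input", "select", "option", "textarea"}
POLICY_NO_FORMS = POLICY_WITH_FORMS - {"input", "select", "option", "textarea"}
ALLOWED_ATTRS = {"id", "name", "class", "value", "type", "for", "href"}
VOID_TAGS = {"br", "input", "img", "hr"}


class AllowlistSanitizer(HTMLParser):
    """Keep only allowlisted tags/attributes; record every tag removed."""

    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out, self.stripped = allowed, [], []

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed:
            self.stripped.append(tag)      # tag dropped, its text is kept
            return
        # Event-handler attributes (onchange, onclick, ...) are never on the
        # allowlist, so they are silently discarded here as well.
        kept = " ".join(f'{k}="{html.escape(v, quote=True)}"'
                        for k, v in attrs if k in ALLOWED_ATTRS and v is not None)
        self.out.append(f"<{tag}{' ' + kept if kept else ''}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)   # <br/> style void tags

    def handle_endtag(self, tag):
        if tag in self.allowed and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))  # re-escape text


def sanitize(markup, allowed):
    """Return (sanitized_html, list_of_stripped_tags) for the given policy."""
    p = AllowlistSanitizer(allowed)
    p.feed(markup)
    p.close()
    return "".join(p.out), p.stripped


# Constructed sample of what an Active Choices "Formatted HTML" parameter renders.
SAMPLE = ('<label for="env">Environment</label> '
          '<input name="value" type="text" value="dev" onchange="refresh()">')
```

Running `sanitize(SAMPLE, POLICY_NO_FORMS)` leaves only the label, so checking the returned `stripped` list before upgrading tells you which parameters will lose their form controls.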
Bruno P. Kinoshita made changes - Attachment New: bruno-screenshot-1.png [ 51775 ]
Bruno P. Kinoshita made changes - Attachment New: bruno-screenshot-2.png [ 51776 ]
Bruno P. Kinoshita made changes - Attachment New: bruno-screenshot-3.png [ 51777 ]
