Type: Improvement
Resolution: Unresolved
Priority: Minor
See JENKINS-66755 for origins of the request.
From my understanding, there might be parameters that produce auto-generated names of some predictable type that collide with the Jenkins safeParameter filter introduced with SECURITY-170. It feels to me that in addition to a list of specific parameters to be allowed - ParametersAction.safeParameters=FOO,BAR_baz,quX - one could benefit from another option with a list of masks to allow - something like ParametersAction.safeParametersMasks=FOO-*,Bar-*-BAR - or even - ParametersAction.safeParametersRegex=separator-\w{8}-\w{4}-\w{4}-\w{4}\w{12}|FOO-.* .
I understand that this might theoretically introduce some other security issue, like "malicious plugin creates malicious separator-PWNDPWND-PWND-PWND-PWND-PWNDPWNDPWND", but it feels much less disastrous than just shutting down all parameters checking via keepUndefinedParameters=true or ignoring the problem altogether via keepUndefinedParameters=false.
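The following is an added illustration of the proposed allow-list semantics, not Jenkins code: a filter that keeps declared parameters, exact safeParameters entries, glob masks and an anchored regex, and drops everything else. Only ParametersAction.safeParameters and keepUndefinedParameters exist in Jenkins; the Masks and Regex keys, the UUID-shaped regex and all parameter names are constructed for this example.

```python
import re
from fnmatch import fnmatchcase

# Constructed config. Only ParametersAction.safeParameters exists in Jenkins
# today; the Masks and Regex keys are the hypothetical options this issue
# proposes. The regex is a constructed, anchored UUID-shaped pattern.
PROPOSED_CONFIG = {
    "ParametersAction.safeParameters": "FOO,BAR_baz,quX",
    "ParametersAction.safeParametersMasks": "FOO-*,Bar-*-BAR",
    "ParametersAction.safeParametersRegex":
        r"separator-\w{8}-\w{4}-\w{4}-\w{4}-\w{12}|FOO-.*",
}


def _split(value):
    """Split a comma-separated property value into non-empty entries."""
    return [v.strip() for v in value.split(",") if v.strip()]


class SafeParameterFilter:
    """Allow-list check: exact names, then glob masks, then an anchored regex."""

    def __init__(self, config):
        self.exact = set(_split(config.get("ParametersAction.safeParameters", "")))
        self.masks = _split(config.get("ParametersAction.safeParametersMasks", ""))
        pattern = config.get("ParametersAction.safeParametersRegex", "")
        self.regex = re.compile(pattern) if pattern else None

    def is_allowed(self, name, defined_names):
        if name in defined_names:          # declared on the job: always kept
            return True
        if name in self.exact:             # explicit allow-list entry
            return True
        if any(fnmatchcase(name, m) for m in self.masks):
            return True
        # fullmatch, not search: an unanchored regex would let "x-FOO-y"
        # through on the FOO-.* branch.
        return bool(self.regex and self.regex.fullmatch(name))


def filter_parameters(config, defined_names, submitted, keep_undefined=False):
    """Return (kept, dropped) for a submitted {name: value} dict.

    keep_undefined=True models keepUndefinedParameters=true, which disables
    the check entirely and keeps every submitted parameter.
    """
    if keep_undefined:
        return dict(submitted), []
    flt = SafeParameterFilter(config)
    kept = {n: v for n, v in submitted.items() if flt.is_allowed(n, defined_names)}
    dropped = [n for n in submitted if n not in kept]
    return kept, dropped
```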