
warnings-ng recordIssues tool names presented with html escape codes

    • Bug
    • Resolution: Fixed
    • Minor
    • None
    • ECharts API Plugin 5.2.2-1, Warnings Next Generation 9.8.0

      When specifying a recordIssues pipeline step tool name that contains + characters, those + characters are replaced with the escape sequence (ampersand pound 43 semicolon) when presented on trend chart titles and in the build summary. There may be other characters besides + affected by this issue.

      For example, the attached screenshots result from this:

      recordIssues tools: [clang(name: 'clang++ 11.x c++17', id: 'clang11_cpp17', pattern: 'build_log')]

          [JENKINS-67245] warnings-ng recordIssues tool names presented with html escape codes

          Ulli Hafner added a comment - - edited

          It is necessary to escape all characters to avoid security problems (all user provided content needs to be piped through our HTML sanitizer).


          Tony Ciavarella added a comment -

          I tried both "Text" and "Safe HTML" settings for the HTML Sanitizer configuration with the same results. It presents the escape sequence on the UI instead of the intended characters in the trend chart titles, build summary, and the breadcrumb and title of the page when viewing the warnings. Conversely, it correctly presents tool names with + in them in the left side-panel links. Additionally, stage titles containing + characters are shown correctly in the Stage View on the pipeline landing page. I added some more screenshots to show the differences. I realize this isn't the most critical thing ever, but I'd still respectfully argue it's a bug worth fixing some day. At the very least it seems like it should behave consistently. If certain characters are disallowed in tool names, it would be helpful if the recordIssues snippet generator provided some clues.

          Ulli Hafner added a comment - - edited

          Ok, sorry. Seems that I misunderstood the problem. I thought that the side panel link was incorrect and therefore I looked at the code for it and did realize that this might be the problem of our sanitizer. But actually that part is working.


          Tony Ciavarella added a comment -

          The tool name appears to be getting doubly escaped in the cases where it's showing up incorrectly. Viewing the HTML page source shows what seems to be the escape sequence escaped again.

          Here's what the HTML for the trend chart title looks like for the example in the description:

          <div class="test-trend-caption">clang&amp;#43;&amp;#43; 11.x c&amp;#43;&amp;#43;17 Warnings Trend</div>
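The double escaping described in the comment above, reproduced as an added example (not code from the plugin or from either commenter). `sanitize`, `render_autoescaped` and `render_raw` are hypothetical stand-ins for an escaper that encodes `+` numerically and for a template that does or does not escape again; `find_double_escapes` is a check that can be run over rendered pages.

```python
import html
import re

CAPTION = '<div class="test-trend-caption">%s Warnings Trend</div>'

def sanitize(text):
    # Hypothetical sanitizer (assumption): escapes HTML metacharacters and
    # additionally encodes '+' as a numeric character reference.
    return html.escape(text, quote=True).replace("+", "&#43;")

def render_autoescaped(value):
    # Stand-in for a template that escapes every value it outputs.
    return CAPTION % html.escape(value)

def render_raw(safe_markup):
    # Stand-in for a template that outputs already-escaped markup unchanged.
    return CAPTION % safe_markup

# An entity whose leading '&' was itself escaped: &amp;#43; &amp;lt; &amp;quot;
DOUBLE_ESCAPED = re.compile(r"&amp;(#\d+|#x[0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);")

def find_double_escapes(markup):
    return [m.group(0) for m in DOUBLE_ESCAPED.finditer(markup)]

def visible_text(markup):
    # Approximates what the browser displays: drop tags, decode entities once.
    return html.unescape(re.sub(r"<[^>]+>", "", markup))

if __name__ == "__main__":
    name = "clang++ 11.x c++17"          # tool name from the issue description
    buggy = render_autoescaped(sanitize(name))   # escaped twice
    fixed = render_raw(sanitize(name))           # escaped exactly once
    for label, page in (("double", buggy), ("single", fixed)):
        print(label, "|", page)
        print("  shown as:", visible_text(page))
        print("  double escapes:", find_double_escapes(page))
    # Constructed name containing markup: one escape pass already neutralises it.
    print(render_raw(sanitize("<b>gcc</b> c++")))
```

The check is a heuristic: a name that literally contains entity-like text such as `&lt;` is also rendered as `&amp;lt;` after a single, correct escape and would be flagged.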

          Ulli Hafner added a comment -

          I see, that makes a fix quite easy. I just need to spot the invocations...


          Tony Ciavarella added a comment -

          This is fixed for me in warnings-ng 9.10.1. Thank you!

            drulli Ulli Hafner
            aac76 Tony Ciavarella