Culprit:
WorkflowJob/configure-entries.jelly#L36

Reproduction steps:

• Install Pipeline: Job or clone https://github.com/jenkinsci/workflow-job-plugin and then mvn hpi:run
• Create a Pipeline
• Scroll down to the "Advanced Project Options" Section
• Click on "Advanced..."
• Change the value of the "Display Name" field
• Click anywhere on the page
• It should send a POST request with your value as a parameter

Screenshot attached about where the feature is displayed.

Proposal
https://www.jenkins.io/doc/developer/security/csp/#legacy-javascript-checkurl-validation

Testing notes

• Ensure to reproduce the feature before any change
• Ensure that you reproduce the feature after you have made the change