[JENKINS-71013] [core] Create the list of CSP non-compliant code locations

    • Type: Task
    • Resolution: Done
    • Priority: Major
    • Component/s: core
    • Labels: None

      This ticket will cover the discovery of all the code in core that is not compliant with CSP. It could be a regular inline JavaScript script tag, an inline event handler, etc.

      See the other tickets in JENKINS-60865 for examples of potential issues.

      Acceptance criteria:

      • All the non-compliant code locations from Jenkins core are listed in the epic JENKINS-71014
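
The discovery step described above can be partly automated. The following Python scanner is an added example, not code from this ticket or from the Jenkins project: it flags inline `<script>` tags, inline event-handler attributes and `eval(` calls (which a later comment on this ticket mentions) in Jelly source. The sample view and the name `scan_jelly` are constructed for illustration, and hits are heuristic, so each one still needs manual triage.

```python
import re

# Constructed sample Jelly view for illustration; not taken from Jenkins core.
SAMPLE_JELLY = '''<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:l="/lib/layout" xmlns:st="jelly:stapler">
  <l:layout title="Demo">
    <script src="${resURL}/demo.js" type="text/javascript"/>
    <script>
      var data = eval('(' + rsp.responseText + ')');
    </script>
    <a href="#" onclick="return confirmDelete(this)">Delete</a>
    <input type="text" name="q"
           onkeyup="refresh(this)"/>
    <st:adjunct includes="demo.behaviour"/>
  </l:layout>
</j:jelly>
'''

# An opening tag with its attribute text; quoted values may contain '>' or newlines.
TAG = re.compile(r'''<(?P<name>[\w:.-]+)(?P<attrs>(?:"[^"]*"|'[^']*'|[^>"'])*)>''')
# One quoted attribute; matching the whole value skips text nested inside it.
ATTR = re.compile(r'''(?P<key>[\w:.-]+)\s*=\s*(?:"[^"]*"|'[^']*')''')
HANDLER = re.compile(r'on[a-z]+')   # onclick, onkeyup, ... (heuristic)
EVAL = re.compile(r'\beval\s*\(')

def scan_jelly(text):
    """Return sorted (line, kind, detail) tuples for CSP-relevant constructs."""
    def line_of(pos):
        return text.count('\n', 0, pos) + 1

    findings = []
    for tag in TAG.finditer(text):
        attrs = list(ATTR.finditer(tag.group('attrs')))
        keys = [a.group('key').lower() for a in attrs]
        # A <script> without src carries its code inline, which CSP blocks
        # unless 'unsafe-inline', a nonce or a hash allows it.
        if tag.group('name').lower() == 'script' and 'src' not in keys:
            findings.append((line_of(tag.start()), 'inline-script', '<script>'))
        for attr, key in zip(attrs, keys):
            if HANDLER.fullmatch(key):
                pos = tag.start('attrs') + attr.start()
                findings.append((line_of(pos), 'inline-handler', key))
    for call in EVAL.finditer(text):   # eval needs 'unsafe-eval' under CSP
        findings.append((line_of(call.start()), 'eval-call', 'eval'))
    return sorted(findings)

if __name__ == '__main__':
    for line, kind, detail in scan_jelly(SAMPLE_JELLY):
        print(f'line {line}: {kind} ({detail})')
```
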


          Kevin Guerroudj added a comment:

          I manually listed (by looking at the code) on Jenkins v2.387.1 all uses of inline JavaScript and created JENKINS tickets for them.

          For a total of 22 affected Jelly files.

          I didn't create tickets for inline CSS uses.

          Kevin Guerroudj added a comment (edited):

          Yaroslav took a different approach to the listing and identified additional eval calls.

          I reviewed his work and added some missed inline JavaScript. (LTS 2.401.3)

            kevingrdj Kevin Guerroudj
            wfollonier Wadeck Follonier