-
Improvement
-
Resolution: Fixed
-
Minor
eval call in hudson-behaviour.js renderOnDemand method
Culprit
Proposal
https://www.jenkins.io/doc/developer/security/csp/#eval-calls
Testing
- links to
eval call in hudson-behaviour.js renderOnDemand method
https://www.jenkins.io/doc/developer/security/csp/#eval-calls
This is a part of Stapler, so addressing this does not seem straightforward to me.
See:
At glance it might be possible to not build the makeStaplerProxy(...) call as string, but to assign separate attributes to an element, and then call makeStaplerProxy in JS in core instead of eval("makeStaplerProxy(...)"), but it requires deeper investigation.