JENKINS-72788

[github] Un-inlining JS in GitHubPushTrigger/config.groovy

    • 1.40.0

      Level: easy
      Skills: a bit of JavaScript, a bit of Groovy

      https://github.com/jenkinsci/github-plugin/blob/bda9cc0c37dc557d9a1e6e2cbd1684eee205c25d/src/main/resources/com/cloudbees/jenkins/GitHubPushTrigger/config.groovy#L12-L19 contains inline JavaScript.

      Reproduction steps

      • Install GitHub or clone https://github.com/jenkinsci/github-plugin and then run mvn hpi:run
      • Create a freestyle project
      • You should be able to view the script on the configuration page
      • Check "GitHub hook trigger for GITScm polling" in the "Build Triggers" section
      • Reload the page
      • It should periodically send a request to the "checkHookRegistered" endpoint

      Proposal

      https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks

      Testing notes

       - Make sure to reproduce the feature before any change
       - Ensure that you reproduce the feature after you have made the change

            Unassigned Unassigned
            yafenkin Yaroslav Afenkin
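A check that fits the testing notes above, as an added example that is not part of the issue or of the github-plugin code: a heuristic scan of rendered page HTML for inline script blocks, event-handler attributes and javascript: URLs, the constructs a Content-Security-Policy without 'unsafe-inline' would block. The function name, the sample markup, the script path and the interval are constructed for illustration.

```javascript
// Added example (not github-plugin code): heuristic scan of rendered HTML for
// constructs that a CSP without 'unsafe-inline' in script-src would block.
function findInlineScript(html) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const body = html.replace(/<!--[\s\S]*?-->/g, ""); // commented-out markup never runs

  // 1. <script> elements with executable code in the body and no src attribute.
  for (const [, attrs, code] of body.matchAll(scriptRe)) {
    const typeAttr = /(?:^|\s)type\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    const type = typeAttr ? typeAttr[1] : "text/javascript";
    const executable = /^((text|application)\/(java|ecma)script|module)$/i.test(type);
    if (!/(^|\s)src\s*=/i.test(attrs) && executable && code.trim()) {
      findings.push({ kind: "inline-script", snippet: code.trim().slice(0, 40) });
    }
  }

  // 2. Event-handler attributes and javascript: URLs on the remaining tags.
  for (const [tag] of body.replace(scriptRe, "").matchAll(/<[a-z][^>]*>/gi)) {
    for (const [, name] of tag.matchAll(/\s(on[a-z]+)\s*=/gi)) {
      findings.push({ kind: "inline-handler", snippet: name });
    }
    if (/\s(href|src|action)\s*=\s*["']?\s*javascript:/i.test(tag)) {
      findings.push({ kind: "javascript-url", snippet: tag.slice(0, 40) });
    }
  }
  return findings;
}

// Constructed samples: a config page fragment before and after un-inlining.
const BEFORE = `
<div class="hook-warning"></div>
<script>
  setInterval(function () { /* poll checkHookRegistered */ }, 10000);
</script>
<a href="#" onclick="return false;">help</a>`;

const AFTER = `
<div class="hook-warning" data-check-url="checkHookRegistered"></div>
<script src="/plugin/example/hook-check.js"></script>
<script type="application/json">{"interval": 10000}</script>`;

for (const [label, html] of [["before", BEFORE], ["after", AFTER]]) {
  console.log(label, findInlineScript(html));
}
```

The scan is regex-based and only approximates an HTML parser, so treat an empty result as a quick regression signal and confirm in the browser console with a restrictive policy enabled.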