Task
Resolution: Fixed
Minor
1.40.0
Level | easy |
Skills | a bit of JavaScript, a bit of Groovy |
https://github.com/jenkinsci/github-plugin/blob/bda9cc0c37dc557d9a1e6e2cbd1684eee205c25d/src/main/resources/com/cloudbees/jenkins/GitHubPushTrigger/config.groovy#L12-L19 contains inline JavaScript.
Reproduction steps
- Install the GitHub plugin, or clone https://github.com/jenkinsci/github-plugin and then run mvn hpi:run
- Create a freestyle project
- You should be able to view the script on the configuration page
- Check "GitHub hook trigger for GITScm polling" in the "Build Triggers" section
- Reload the page
- It should periodically send a request to the "checkHookRegistered" endpoint
Proposal
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
Testing notes
- Ensure that you reproduce the feature before making any change
- Ensure that you reproduce the feature after you have made the change