Task
Resolution: Fixed
Minor
Level | easy |
Skills | a bit of JavaScript, a bit of Groovy |
https://github.com/jenkinsci/github-plugin/blob/bda9cc0c37dc557d9a1e6e2cbd1684eee205c25d/src/main/resources/com/cloudbees/jenkins/GitHubPushTrigger/config.groovy#L12-L19 contains inline JavaScript.
Reproduction steps
- Install the GitHub plugin (https://plugins.jenkins.io/github/) or clone https://github.com/jenkinsci/github-plugin and then run mvn hpi:run
- Create a freestyle project
- You should be able to view the script on the configuration page
- Check "GitHub hook trigger for GITScm polling" in the "Build Triggers" section
- Reload the page
- It should periodically send a request to the "checkHookRegistered" endpoint
Proposal
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
Testing notes
- Make sure you can reproduce the feature before making any change
- Make sure you can still reproduce the feature after you have made the change
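
A check to go with the testing notes above, as an added example that is not part of the original issue or the plugin's code: it scans rendered HTML for the inline script patterns that a Content-Security-Policy without 'unsafe-inline' blocks. The BEFORE/AFTER fragments, the element ids and the script path are constructed for illustration.

```javascript
// Regex-based check over rendered HTML; a quick regression test, not a full HTML parser.
// <script> blocks with these types are data, not code, so CSP does not block them.
const DATA_BLOCK_TYPES = new Set(['application/json', 'application/ld+json']);

function attr(tagAttrs, name) {
  const m = new RegExp(`\\s${name}\\s*=\\s*("([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i').exec(tagAttrs);
  return m ? (m[2] ?? m[3] ?? m[4]) : null;
}

function findInlineScript(html) {
  const findings = [];
  // 1. <script> elements that carry code in their body instead of a src attribute.
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(scriptRe)) {
    const type = (attr(attrs, 'type') || '').toLowerCase();
    if (attr(attrs, 'src') === null && body.trim() !== '' && !DATA_BLOCK_TYPES.has(type)) {
      findings.push({ kind: 'inline-script', snippet: body.trim().slice(0, 40) });
    }
  }
  // Drop script elements so JavaScript source text is not misread as markup below.
  const markup = html.replace(scriptRe, '');
  // 2. Inline event handler attributes (onclick=, onchange=, ...); first one per tag.
  for (const m of markup.matchAll(/<[a-z][^>]*?\s(on[a-z]+)\s*=/gi)) {
    findings.push({ kind: 'event-handler', snippet: m[1].toLowerCase() });
  }
  // 3. javascript: URLs in link-like attributes.
  for (const m of markup.matchAll(/\s(?:href|src|action)\s*=\s*["']?\s*javascript:/gi)) {
    findings.push({ kind: 'javascript-url', snippet: m[0].trim() });
  }
  return findings;
}

// Constructed sample: a config page fragment with an inline polling script.
const BEFORE = `
<div id="hook-warning"></div>
<script>
  setInterval(function () { fetch('checkHookRegistered'); }, 10000);
</script>
<a href="#" onclick="recheck()">Re-check</a>`;

// Constructed sample: same fragment with the code moved to a file and data in attributes.
const AFTER = `
<div id="hook-warning" data-check-url="checkHookRegistered"></div>
<script src="/plugin/example/js/hook-check.js"></script>
<script type="application/json" id="hook-opts">{"intervalMs": 10000}</script>`;

console.log(findInlineScript(BEFORE).map(f => f.kind)); // inline script + event handler
console.log(findInlineScript(AFTER).length);            // nothing left inline
```
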
[JENKINS-72788] [github] Un-inlining JS in GitHubPushTrigger/config.groovy
Summary | Original: [giithub] Un-inlining JS in GitHubPushTrigger/config.groovy | New: [github] Un-inlining JS in GitHubPushTrigger/config.groovy |
Description | Original: [https://github.com/jenkinsci/github-plugin/blob/bda9cc0c37dc557d9a1e6e2cbd1684eee205c25d/src/main/resources/com/cloudbees/jenkins/GitHubPushTrigger/config.groovy#L12-L19] contains inline javascript. |
New:
|Level|*easy*|
|Skills|a bit of JavaScript, a bit of Groovy|

[https://github.com/jenkinsci/github-plugin/blob/bda9cc0c37dc557d9a1e6e2cbd1684eee205c25d/src/main/resources/com/cloudbees/jenkins/GitHubPushTrigger/config.groovy#L12-L19] contains inline javascript.

h4.Reproduction steps
- Install [GitHub|https://plugins.jenkins.io/github/] or clone [https://github.com/jenkinsci/github-plugin] and then {{mvn hpi:run}}
- Create a freestyle project
- You should be able to view the script on the configuration page
- Check "GitHub hook trigger for GITScm polling" in the "Build Triggers" section
- Reload the page
- It should periodically send request to the "checkHookRegistered" endpoint

h4.Proposal
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks

h4.Testing notes
- Ensure to reproduce the feature before any change
- Ensure that you reproduce the feature after you have made the change |
Labels | New: hacktoberfest newbie-friendly |
Attachment | New: doCheckHookRegistered.png [ 62183 ] |
Attachment | New: inlineJS.png [ 62184 ] |
Labels | Original: hacktoberfest newbie-friendly | New: newbie-friendly |
Assignee | Original: Kirill Merkushev [ lanwen ] | New: Harsh [ harsh_1806 ] |
Assignee | Original: Harsh [ harsh_1806 ] |
Remote Link | New: This issue links to "jenkinsci/github-plugin/pull/383 (Web Link)" [ 30031 ] |
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Status | Original: In Progress [ 3 ] | New: In Review [ 10005 ] |
Released As | New: 1.40.0 |
Resolution | New: Fixed [ 1 ] |
Status | Original: In Review [ 10005 ] | New: Closed [ 6 ] |