Task
Resolution: Fixed
Minor
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp/js/libs are compatible with CSP in restrictive mode. The libraries may call eval, which is not allowed in restrictive mode.
Problem
== Inline Script Block
Line: 45
----
<script type="text/javascript">
    var view = <st:bind value="${it}"/>
    view.getSeverityDistributionJson(function (data) {
        var json = data.responseJSON;
        generateSeverityDistributionBar("severity-distribution", "Severity Distribution",
            json.critical, json.high, json.medium, json.low, json.info, json.unassigned);
    });
    view.getFindingsJson(function (data) {
        (function ($) {
            $('.table').footable(data.responseJSON);
        })(jQuery);
    });
</script>
----
Solution
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
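One way the inline block above could be moved into an external file so that the page carries no script body (an added example, not the plugin's actual fix). The file name findings-view.js, the function initFindingsView, and the assumption that the Stapler proxy is exposed as a global named view are hypothetical.

```javascript
// Added example, not the plugin's code. Hypothetical file: findings-view.js,
// referenced from the Jelly view with a <script src="..."> tag so that no
// script body remains in the page.
// Assumption: the Stapler proxy is exposed as the global `view`, and jQuery
// and generateSeverityDistributionBar are loaded as globals before this file.

function initFindingsView(view, $, drawSeverityBar) {
  if (!view || !$ || typeof drawSeverityBar !== "function") {
    return false; // a dependency is missing (for example, a script failed to load)
  }
  // Same two proxy calls as the inline block, with dependencies passed in
  view.getSeverityDistributionJson(function (data) {
    var json = data.responseJSON;
    drawSeverityBar("severity-distribution", "Severity Distribution",
      json.critical, json.high, json.medium, json.low, json.info, json.unassigned);
  });
  view.getFindingsJson(function (data) {
    $(".table").footable(data.responseJSON);
  });
  return true;
}

// Browser entry point. The guard lets the file load outside a browser too.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", function () {
    initFindingsView(window.view, window.jQuery, window.generateSeverityDistributionBar);
  });
}
```

The false return for a missing dependency gives the view a single place to detect that a required script did not load under the restrictive policy.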