[JENKINS-74233] [JiraTestResultReporter] Extract inline script block and event handlers in org/jenkinsci/plugins/JiraTestResultReporter/JiraTestDataPublisher/config.jelly

Type: Task
Resolution: Fixed
Priority: Minor
Component/s: jiratestresultreporter-plugin
Labels:
- CSP

Similar Issues:
Powered by SuggestiMate

Show
Epic Link:
CSP compatibility for Jenkins plugins
Released As:
243.v742d96717a_5e

Problems

== Inline Script Block
Line: 70
----
<script>
        /*
        Ugly hack part 1. See JiraTestDataPublisherDescriptor.validateFieldConfigs for part2.
        Since Jenkins does not offer a way to send the hetero-list for validation, I'm constructing
        the whole form and sending it.
        */
        function validateFieldConfings() {
            var errorDiv = document.getElementById('JiraIssueConfigErrors');
            spinner = document.getElementById('jiraSpinner');
            spinner.style.display = "inline"
            var form = document.getElementsByName("config")[0];
            buildFormTree(form);
            var jsonElement = null;
            for( var i=0; i != form.elements.length; i++ ) {
                var e = form.elements[i];
                if(e.name == "json") {
                    jsonElement = e;
                    break;
                }
            }

            var descriptor = <st:bind value="${descriptor}"/>
            var socketTimeout = setTimeout( function() {
                spinner.style.display = "none"
                errorDiv.innerHTML = "Validation Failed: Socket Timeout. The issue was probably created, but the server did not respond in a timely manner. Please try again.";
                }, 30000);
            descriptor.validateFieldConfigs(jsonElement.value, function(rsp) {
                clearTimeout(socketTimeout);
                spinner.style.display = "none"
                applyErrorMessage(errorDiv, rsp);
            });
        }


        function hideshow(which){
            if (!document.getElementById)
                return
            if (which.style.display=="block")
                which.style.display="none"
            else
                which.style.display="block"
        }

    </script>
----

== Inline Event Handler
Line: 42
----
<button id="validateJiraIssueConfig" type="button" onClick="validateFieldConfings()">
----

== Inline Event Handler
Line: 44
----
<l:icon class="icon-help icon-sm" style="cursor:pointer" onclick="hideshow(document.getElementById('helpValidateJiraIssueConfig'))"/>
----

Solutions

https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers

links to

jenkinsci/JiraTestResultReporter-plugin/pull/181

Basil Crow created issue - 2024-10-23 23:37

Basil Crow made changes - 2024-10-24 00:47

Assignee

Original: Catalin Luta [ catalinluta ]

Basil Crow made changes - 2024-10-24 15:03

Description	Original: h4. Problems {noformat} == Inline Event Handler Line: 42 ---- <button id="validateJiraIssueConfig" type="button" onClick="validateFieldConfings()"> ---- == Inline Event Handler Line: 44 ---- <l:icon class="icon-help icon-sm" style="cursor:pointer" onclick="hideshow(document.getElementById('helpValidateJiraIssueConfig'))"/> ---- == Inline Script Block Line: 70 ---- <script> /* Ugly hack part 1. See JiraTestDataPublisherDescriptor.validateFieldConfigs for part2. Since Jenkins does not offer a way to send the hetero-list for validation, I'm constructing the whole form and sending it. / function validateFieldConfings() { var errorDiv = document.getElementById('JiraIssueConfigErrors'); spinner = document.getElementById('jiraSpinner'); spinner.style.display = "inline" var form = document.getElementsByName("config")[0]; buildFormTree(form); var jsonElement = null; for( var i=0; i != form.elements.length; i++ ) { var e = form.elements[i]; if(e.name == "json") { jsonElement = e; break; } } var descriptor = <st:bind value="${descriptor}"/> var socketTimeout = setTimeout( function() { spinner.style.display = "none" errorDiv.innerHTML = "Validation Failed: Socket Timeout. The issue was probably created, but the server did not respond in a timely manner. Please try again."; }, 30000); descriptor.validateFieldConfigs(jsonElement.value, function(rsp) { clearTimeout(socketTimeout); spinner.style.display = "none" applyErrorMessage(errorDiv, rsp); }); } function hideshow(which){ if (!document.getElementById) return if (which.style.display=="block") which.style.display="none" else which.style.display="block" } </script> ---- == Inline Event Handler Line: 42 ---- <button id="validateJiraIssueConfig" type="button" onClick="validateFieldConfings()"> ---- == Inline Event Handler Line: 44 ---- <l:icon class="icon-help icon-sm" style="cursor:pointer" onclick="hideshow(document.getElementById('helpValidateJiraIssueConfig'))"/> ---- == Inline Script Block Line: 70 ---- <script> / Ugly hack part 1. See JiraTestDataPublisherDescriptor.validateFieldConfigs for part2. Since Jenkins does not offer a way to send the hetero-list for validation, I'm constructing the whole form and sending it. */ function validateFieldConfings() { var errorDiv = document.getElementById('JiraIssueConfigErrors'); spinner = document.getElementById('jiraSpinner'); spinner.style.display = "inline" var form = document.getElementsByName("config")[0]; buildFormTree(form); var jsonElement = null; for( var i=0; i != form.elements.length; i++ ) { var e = form.elements[i]; if(e.name == "json") { jsonElement = e; break; } } var descriptor = <st:bind value="${descriptor}"/> var socketTimeout = setTimeout( function() { spinner.style.display = "none" errorDiv.innerHTML = "Validation Failed: Socket Timeout. The issue was probably created, but the server did not respond in a timely manner. Please try again."; }, 30000); descriptor.validateFieldConfigs(jsonElement.value, function(rsp) { clearTimeout(socketTimeout); spinner.style.display = "none" applyErrorMessage(errorDiv, rsp); }); } function hideshow(which){ if (!document.getElementById) return if (which.style.display=="block") which.style.display="none" else which.style.display="block" } </script> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers]	New: h4. Problems {noformat} == Inline Script Block Line: 70 ---- <script> /* Ugly hack part 1. See JiraTestDataPublisherDescriptor.validateFieldConfigs for part2. Since Jenkins does not offer a way to send the hetero-list for validation, I'm constructing the whole form and sending it. */ function validateFieldConfings() { var errorDiv = document.getElementById('JiraIssueConfigErrors'); spinner = document.getElementById('jiraSpinner'); spinner.style.display = "inline" var form = document.getElementsByName("config")[0]; buildFormTree(form); var jsonElement = null; for( var i=0; i != form.elements.length; i++ ) { var e = form.elements[i]; if(e.name == "json") { jsonElement = e; break; } } var descriptor = <st:bind value="${descriptor}"/> var socketTimeout = setTimeout( function() { spinner.style.display = "none" errorDiv.innerHTML = "Validation Failed: Socket Timeout. The issue was probably created, but the server did not respond in a timely manner. Please try again."; }, 30000); descriptor.validateFieldConfigs(jsonElement.value, function(rsp) { clearTimeout(socketTimeout); spinner.style.display = "none" applyErrorMessage(errorDiv, rsp); }); } function hideshow(which){ if (!document.getElementById) return if (which.style.display=="block") which.style.display="none" else which.style.display="block" } </script> ---- == Inline Event Handler Line: 42 ---- <button id="validateJiraIssueConfig" type="button" onClick="validateFieldConfings()"> ---- == Inline Event Handler Line: 44 ---- <l:icon class="icon-help icon-sm" style="cursor:pointer" onclick="hideshow(document.getElementById('helpValidateJiraIssueConfig'))"/> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers]
Summary	Original: [JiraTestResultReporter] Extract inline script blocks and event handlers in org/jenkinsci/plugins/JiraTestResultReporter/JiraTestDataPublisher/config.jelly	New: [JiraTestResultReporter] Extract inline script block and event handlers in org/jenkinsci/plugins/JiraTestResultReporter/JiraTestDataPublisher/config.jelly

Yaroslav Afenkin made changes - 2024-11-13 10:56

Assignee

New: Yaroslav Afenkin [ yafenkin ]

Yaroslav Afenkin made changes - 2024-11-13 16:36

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Yaroslav Afenkin made changes - 2024-11-13 16:53

Remote Link

New: This issue links to "jenkinsci/JiraTestResultReporter-plugin/pull/181 (Web Link)" [ 30203 ]

Yaroslav Afenkin made changes - 2024-11-13 16:54

Status

Original: In Progress [ 3 ]

New: In Review [ 10005 ]

Basil Crow added a comment - 2024-11-13 21:28

Fixed in https://github.com/jenkinsci/JiraTestResultReporter-plugin/pull/181. Released in 243.v742d96717a_5e.

Basil Crow added a comment - 2024-11-13 21:28 Fixed in https://github.com/jenkinsci/JiraTestResultReporter-plugin/pull/181 . Released in 243.v742d96717a_5e .

Basil Crow made changes - 2024-11-13 21:28

Released As		New: 243.v742d96717a_5e
Resolution		New: Fixed [ 1 ]
Status	Original: In Review [ 10005 ]	New: Closed [ 6 ]

Assignee:: Yaroslav Afenkin

Reporter:: Basil Crow

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024-10-23 23:37

Updated:: 2024-11-13 21:28

Resolved:: 2024-11-13 21:28

Jenkins

Details

Description

Problems

Solutions

Attachments

Issue Links

Activity

Collapse comment: Basil Crow added a comment - 2024-11-13 21:28

Expand comment: Basil Crow added a comment - 2024-11-13 21:28

People

Dates