
[jira-ext] Extract inline script block and event handlers in org/jenkinsci/plugins/jiraext/view/AddLabelToField/config.jelly

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Minor Minor
    • jira-ext-plugin

      Problems

      == Inline Script Block
      Line: 30
      ----
      <script type="text/javascript"><![CDATA[
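                      /**
                       * Click handler for the "Find Field IDs" button: collects the named form
                       * fields that precede the button, POSTs them to checkUrl and renders the
                       * response in the element that follows the spinner.
                       *
                       * @param {string} checkUrl - URL that receives the form-encoded POST.
                       * @param {string} paramList - Comma-separated names of the form items to send.
                       * @param {Object} button - The clicked button; its `_button` property is used
                       *     when present, otherwise the object itself.
                       * @returns {undefined}
                       */
                      function populateJiraFields(checkUrl, paramList, button) {
                          // Fall back to the element itself when there is no `_button` wrapper
                          // property, instead of failing on `undefined.closest`.
                          const el = button._button || button;

                          const parameters = {};
                          for (const name of paramList.split(',')) {
                              const field = findPreviousFormItem(el, name);
                              if (field != null) {
                                  // Checkboxes are sent as their checked state, everything else by value.
                                  parameters[name] = field.type === "checkbox" ? field.checked : field.value;
                              }
                          }

                          const spinner = el.closest("DIV").nextElementSibling;
                          const target = spinner.nextElementSibling;
                          spinner.style.display = "block";

                          function showResult(rsp, responseText) {
                              spinner.style.display = "none";
                              if (rsp.status === 200) {
                                  // NOTE(review): the response body is inserted as HTML, so the endpoint
                                  // behind checkUrl has to return markup that is already escaped;
                                  // confirm on the server side.
                                  target.innerHTML = responseText;
                              } else {
                                  // Build the collapsed error details with DOM calls and a listener
                                  // rather than an inline onclick attribute, which a
                                  // Content-Security-Policy without 'unsafe-inline' would block.
                                  const details = document.createElement("div");
                                  details.id = "valerr" + (iota++);
                                  details.style.display = "none";
                                  details.innerHTML = responseText;

                                  const link = document.createElement("a");
                                  link.href = "";
                                  link.textContent = "ERROR";
                                  link.addEventListener("click", function (event) {
                                      event.preventDefault();
                                      details.style.display = "block";
                                  });

                                  target.innerHTML = "";
                                  target.appendChild(link);
                                  target.appendChild(details);
                              }
                              Behaviour.applySubtree(target);
                              layoutUpdateCallback.call();

                              // NOTE(review): this evaluates the text of the response's "script"
                              // header with the page's privileges and needs 'unsafe-eval' under a
                              // Content-Security-Policy. Kept as-is to preserve the existing
                              // contract with the endpoint; it is only as trustworthy as checkUrl.
                              const s = rsp.headers.get("script");
                              try {
                                  geval(s);
                              } catch (e) {
                                  window.alert("failed to evaluate "+s+"\n"+e.message);
                              }
                          }

                          fetch(checkUrl, {
                              method: "POST",
                              headers: crumb.wrap({
                                  "Content-Type": "application/x-www-form-urlencoded",
                              }),
                              body: new URLSearchParams(parameters),
                          }).then(function (rsp) {
                              return rsp.text().then(function (responseText) {
                                  showResult(rsp, responseText);
                              });
                          }).catch(function (err) {
                              // A failed request must not leave the spinner running; the error
                              // itself is still surfaced to the caller's console.
                              spinner.style.display = "none";
                              throw err;
                          });
                      }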
                      ]]></script>
      ----
      
      == Inline Event Handler
      Line: 60
      ----
      <a href="" onclick="document.getElementById(\'valerr' + (i=iota++)
                                          + '\').style.display=\'block\';return false">
      ----
      
      == Inline Event Handler
      Line: 77
      ----
      <input type="button" value="Find Field IDs" class="yui-button validate-button"
                         onclick="populateJiraFields('${descriptor.descriptorFullUrl}/queryJiraFields', 'issueKey',this)" />
      ----
      

      Solutions

      https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
      https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers

          [JENKINS-74245] [jira-ext] Extract inline script block and event handlers in org/jenkinsci/plugins/jiraext/view/AddLabelToField/config.jelly

          Basil Crow created issue -
          Basil Crow made changes -
          Assignee Original: Dan Alvizu [ dalvizu ]
          Basil Crow made changes -
          Description Original: h4. Problems

          {noformat}
          == Inline Event Handler
          Line: 60
          ----
          <a href="" onclick="document.getElementById(\'valerr' + (i=iota++)
                                              + '\').style.display=\'block\';return false">
          ----

          == Inline Event Handler
          Line: 77
          ----
          <input type="button" value="Find Field IDs" class="yui-button validate-button"
                             onclick="populateJiraFields('${descriptor.descriptorFullUrl}/queryJiraFields', 'issueKey',this)" />
          ----

          == Inline Script Block
          Line: 30
          ----
          <script type="text/javascript"><![CDATA[
                          function populateJiraFields(checkUrl,paramList,button) {

                              button = button._button;

                              var parameters = {};

                              paramList.split(',').forEach(function(name) {
                                  var p = findPreviousFormItem(button,name);
                                  if(p!=null) {
                                      if(p.type=="checkbox") parameters[name] = p.checked;
                                      else parameters[name] = p.value;
                                  }
                              });

                              var spinner = button.closest("DIV").nextElementSibling;
                              var target = spinner.nextElementSibling;
                              spinner.style.display="block";

                              fetch(checkUrl, {
                                  method: "POST",
                                  headers: crumb.wrap({
                                    "Content-Type": "application/x-www-form-urlencoded",
                                  }),
                                  body: new URLSearchParams(parameters),
                              }).then((rsp) => {
                                  rsp.text().then((responseText) => {
                                      spinner.style.display="none";
                                      var i;
                                      target.innerHTML = rsp.status==200 ? responseText
                                      : '<a href="" onclick="document.getElementById(\'valerr' + (i=iota++)
                                              + '\').style.display=\'block\';return false">ERROR</a><div id="valerr'
                                              + i + '" style="display:none">' + responseText + '</div>';
                                      Behaviour.applySubtree(target);
                                      layoutUpdateCallback.call();
                                      var s = rsp.headers.get("script");
                                      try {
                                          geval(s);
                                      } catch(e) {
                                          window.alert("failed to evaluate "+s+"\n"+e.message);
                                      }
                                  });
                              });
                          }
                          ]]></script>
          ----

          == Inline Event Handler
          Line: 60
          ----
          <a href="" onclick="document.getElementById(\'valerr' + (i=iota++)
                                              + '\').style.display=\'block\';return false">
          ----

          == Inline Event Handler
          Line: 77
          ----
          <input type="button" value="Find Field IDs" class="yui-button validate-button"
                             onclick="populateJiraFields('${descriptor.descriptorFullUrl}/queryJiraFields', 'issueKey',this)" />
          ----

          == Inline Script Block
          Line: 30
          ----
          <script type="text/javascript"><![CDATA[
                          function populateJiraFields(checkUrl,paramList,button) {

                              button = button._button;

                              var parameters = {};

                              paramList.split(',').forEach(function(name) {
                                  var p = findPreviousFormItem(button,name);
                                  if(p!=null) {
                                      if(p.type=="checkbox") parameters[name] = p.checked;
                                      else parameters[name] = p.value;
                                  }
                              });

                              var spinner = button.closest("DIV").nextElementSibling;
                              var target = spinner.nextElementSibling;
                              spinner.style.display="block";

                              fetch(checkUrl, {
                                  method: "POST",
                                  headers: crumb.wrap({
                                    "Content-Type": "application/x-www-form-urlencoded",
                                  }),
                                  body: new URLSearchParams(parameters),
                              }).then((rsp) => {
                                  rsp.text().then((responseText) => {
                                      spinner.style.display="none";
                                      var i;
                                      target.innerHTML = rsp.status==200 ? responseText
                                      : '<a href="" onclick="document.getElementById(\'valerr' + (i=iota++)
                                              + '\').style.display=\'block\';return false">ERROR</a><div id="valerr'
                                              + i + '" style="display:none">' + responseText + '</div>';
                                      Behaviour.applySubtree(target);
                                      layoutUpdateCallback.call();
                                      var s = rsp.headers.get("script");
                                      try {
                                          geval(s);
                                      } catch(e) {
                                          window.alert("failed to evaluate "+s+"\n"+e.message);
                                      }
                                  });
                              });
                          }
                          ]]></script>
          ----
          {noformat}

          h4. Solutions

          [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks]
          [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers]
          New: h4. Problems

          {noformat}
          == Inline Script Block
          Line: 30
          ----
          <script type="text/javascript"><![CDATA[
                          function populateJiraFields(checkUrl,paramList,button) {

                              button = button._button;

                              var parameters = {};

                              paramList.split(',').forEach(function(name) {
                                  var p = findPreviousFormItem(button,name);
                                  if(p!=null) {
                                      if(p.type=="checkbox") parameters[name] = p.checked;
                                      else parameters[name] = p.value;
                                  }
                              });

                              var spinner = button.closest("DIV").nextElementSibling;
                              var target = spinner.nextElementSibling;
                              spinner.style.display="block";

                              fetch(checkUrl, {
                                  method: "POST",
                                  headers: crumb.wrap({
                                    "Content-Type": "application/x-www-form-urlencoded",
                                  }),
                                  body: new URLSearchParams(parameters),
                              }).then((rsp) => {
                                  rsp.text().then((responseText) => {
                                      spinner.style.display="none";
                                      var i;
                                      target.innerHTML = rsp.status==200 ? responseText
                                      : '<a href="" onclick="document.getElementById(\'valerr' + (i=iota++)
                                              + '\').style.display=\'block\';return false">ERROR</a><div id="valerr'
                                              + i + '" style="display:none">' + responseText + '</div>';
                                      Behaviour.applySubtree(target);
                                      layoutUpdateCallback.call();
                                      var s = rsp.headers.get("script");
                                      try {
                                          geval(s);
                                      } catch(e) {
                                          window.alert("failed to evaluate "+s+"\n"+e.message);
                                      }
                                  });
                              });
                          }
                          ]]></script>
          ----

          == Inline Event Handler
          Line: 60
          ----
          <a href="" onclick="document.getElementById(\'valerr' + (i=iota++)
                                              + '\').style.display=\'block\';return false">
          ----

          == Inline Event Handler
          Line: 77
          ----
          <input type="button" value="Find Field IDs" class="yui-button validate-button"
                             onclick="populateJiraFields('${descriptor.descriptorFullUrl}/queryJiraFields', 'issueKey',this)" />
          ----
          {noformat}

          h4. Solutions

          [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks]
          [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers]
          Summary Original: [jira-ext] Extract inline script blocks and event handlers in org/jenkinsci/plugins/jiraext/view/AddLabelToField/config.jelly New: [jira-ext] Extract inline script block and event handlers in org/jenkinsci/plugins/jiraext/view/AddLabelToField/config.jelly

            Unassigned Unassigned
            basil Basil Crow