Loading...

XML

Word

Printable

Type: Task
Resolution: Unresolved
Priority: Minor
Component/s: jira-ext-plugin
Labels:
- CSP

Epic Link:
CSP compatibility for Jenkins plugins

Problems

== Inline Script Block
Line: 30
----
<script type="text/javascript"><![CDATA[
                function populateJiraFields(checkUrl,paramList,button) {

                    button = button._button;

                    var parameters = {};

                    paramList.split(',').forEach(function(name) {
                        var p = findPreviousFormItem(button,name);
                        if(p!=null) {
                            if(p.type=="checkbox")  parameters[name] = p.checked;
                            else                    parameters[name] = p.value;
                        }
                    });

                    var spinner = button.closest("DIV").nextElementSibling;
                    var target = spinner.nextElementSibling;
                    spinner.style.display="block";

                    fetch(checkUrl, {
                        method: "POST",
                        headers: crumb.wrap({
                          "Content-Type": "application/x-www-form-urlencoded",
                        }),
                        body: new URLSearchParams(parameters),
                    }).then((rsp) => {
                        rsp.text().then((responseText) => {
                            spinner.style.display="none";
                            var i;
                            target.innerHTML = rsp.status==200 ? responseText
                            : '<a href="" onclick="document.getElementById(\'valerr' + (i=iota++)
                                    + '\').style.display=\'block\';return false">ERROR</a><div id="valerr'
                                    + i + '" style="display:none">' + responseText + '</div>';
                            Behaviour.applySubtree(target);
                            layoutUpdateCallback.call();
                            var s = rsp.headers.get("script");
                            try {
                                geval(s);
                            } catch(e) {
                                window.alert("failed to evaluate "+s+"\n"+e.message);
                            }
                        });
                    });
                }
                ]]></script>
----

== Inline Event Handler
Line: 60
----
<a href="" onclick="document.getElementById(\'valerr' + (i=iota++)
                                    + '\').style.display=\'block\';return false">
----

== Inline Event Handler
Line: 77
----
<input type="button" value="Find Field IDs" class="yui-button validate-button"
                   onclick="populateJiraFields('${descriptor.descriptorFullUrl}/queryJiraFields', 'issueKey',this)" />
----

Solutions

https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers

Assignee:: Unassigned
Reporter:: Basil Crow
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: 2024-10-23 23:38
Updated:: 2024-10-24 15:04

Details

Description

Problems

Solutions

Attachments

Activity

People

Dates