-
Task
-
Resolution: Unresolved
-
Minor
Problems
== Inline Script Block
Line: 30
----
<script type="text/javascript"><![CDATA[
function populateJiraFields(checkUrl,paramList,button) {
button = button._button;
var parameters = {};
paramList.split(',').forEach(function(name) {
var p = findPreviousFormItem(button,name);
if(p!=null) {
if(p.type=="checkbox") parameters[name] = p.checked;
else parameters[name] = p.value;
}
});
var spinner = button.closest("DIV").nextElementSibling;
var target = spinner.nextElementSibling;
spinner.style.display="block";
fetch(checkUrl, {
method: "POST",
headers: crumb.wrap({
"Content-Type": "application/x-www-form-urlencoded",
}),
body: new URLSearchParams(parameters),
}).then((rsp) => {
rsp.text().then((responseText) => {
spinner.style.display="none";
var i;
target.innerHTML = rsp.status==200 ? responseText
: '<a href="" onclick="document.getElementById(\'valerr' + (i=iota++)
+ '\').style.display=\'block\';return false">ERROR</a><div id="valerr'
+ i + '" style="display:none">' + responseText + '</div>';
Behaviour.applySubtree(target);
layoutUpdateCallback.call();
var s = rsp.headers.get("script");
try {
geval(s);
} catch(e) {
window.alert("failed to evaluate "+s+"\n"+e.message);
}
});
});
}
]]></script>
----
== Inline Event Handler
Line: 60
----
<a href="" onclick="document.getElementById(\'valerr' + (i=iota++)
+ '\').style.display=\'block\';return false">
----
== Inline Event Handler
Line: 77
----
<input type="button" value="Find Field IDs" class="yui-button validate-button"
onclick="populateJiraFields('${descriptor.descriptorFullUrl}/queryJiraFields', 'issueKey',this)" />
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
