• Type: Task
• Resolution: Unresolved
• Priority: Minor
• Component/s: doclinks-plugin
• Labels:

  • CSP

[JENKINS-74280] [doclinks] Extract inline event handler and migrate legacy checkUrl attributes in hudson/plugins/doclinks/DocLinksPublisher/config.jelly

Basil Crow created issue - 2024-10-23 23:42

Basil Crow made changes - 2024-10-24 00:48

Assignee

Original: sogabe [ sogabe ]

Basil Crow made changes - 2024-10-24 15:07

Description	Original: h4. Problems {noformat} == Inline Event Handler Line: 18 ---- <f:textbox name="doc.directory" value="${doc.directory}"                      onchange="findMatchingFormInput(this,'doc.file').onchange()"                      checkUrl="'descriptorByName/DocLinksPublisher/checkDirectory?dir='+encodeURIComponent(this.value)" /> ---- == Legacy checkUrl Line: 9 ---- checkUrl="'descriptorByName/DocLinksPublisher/checkTitle?title='+encodeURIComponent(this.value)" ---- == Legacy checkUrl Line: 20 ---- checkUrl="'descriptorByName/DocLinksPublisher/checkDirectory?dir='+encodeURIComponent(this.value)" ---- == Legacy checkUrl Line: 30 ---- checkUrl="'descriptorByName/DocLinksPublisher/checkFile?dir=' + encodeURIComponent(findMatchingFormInput(this, 'doc.directory').value) + '&amp;file='+encodeURIComponent(this.value)" ---- == Inline Event Handler Line: 18 ---- <f:textbox name="doc.directory" value="${doc.directory}"                      onchange="findMatchingFormInput(this,'doc.file').onchange()"                      checkUrl="'descriptorByName/DocLinksPublisher/checkDirectory?dir='+encodeURIComponent(this.value)" /> ---- == Legacy checkUrl Line: 9 ---- checkUrl="'descriptorByName/DocLinksPublisher/checkTitle?title='+encodeURIComponent(this.value)" ---- == Legacy checkUrl Line: 20 ---- checkUrl="'descriptorByName/DocLinksPublisher/checkDirectory?dir='+encodeURIComponent(this.value)" ---- == Legacy checkUrl Line: 30 ---- checkUrl="'descriptorByName/DocLinksPublisher/checkFile?dir=' + encodeURIComponent(findMatchingFormInput(this, 'doc.directory').value) + '&amp;file='+encodeURIComponent(this.value)" ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] [https://www.jenkins.io/doc/developer/security/csp/#legacy-javascript-checkurl-validation]	New: h4. Problems {noformat} == Legacy checkUrl Line: 9 ---- checkUrl="'descriptorByName/DocLinksPublisher/checkTitle?title='+encodeURIComponent(this.value)" ---- == Legacy checkUrl Line: 20 ---- checkUrl="'descriptorByName/DocLinksPublisher/checkDirectory?dir='+encodeURIComponent(this.value)" ---- == Legacy checkUrl Line: 30 ---- checkUrl="'descriptorByName/DocLinksPublisher/checkFile?dir=' + encodeURIComponent(findMatchingFormInput(this, 'doc.directory').value) + '&amp;file='+encodeURIComponent(this.value)" ---- == Inline Event Handler Line: 18 ---- <f:textbox name="doc.directory" value="${doc.directory}"                      onchange="findMatchingFormInput(this,'doc.file').onchange()"                      checkUrl="'descriptorByName/DocLinksPublisher/checkDirectory?dir='+encodeURIComponent(this.value)" /> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] [https://www.jenkins.io/doc/developer/security/csp/#legacy-javascript-checkurl-validation]
Summary	Original: [doclinks] Extract inline event handlers and migrate legacy checkUrl attributes in hudson/plugins/doclinks/DocLinksPublisher/config.jelly	New: [doclinks] Extract inline event handler and migrate legacy checkUrl attributes in hudson/plugins/doclinks/DocLinksPublisher/config.jelly