-
Type:
Task
-
Resolution: Unresolved
-
Priority:
Minor
-
Component/s: klocwork-plugin
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 7
----
<script>
var klocworkResultsAction = <st:bind value="${it}"/>
</script>
----
== Inline Script Block
Line: 124
----
<script>
Klocwork.showOrHideLogout();
</script>
----
== Inline Event Handler
Line: 17
----
<button class="authentication-details-logout" id="klocworkResultsAction_authenticationLogoutButton" onclick="Klocwork.deleteAuthenticationCookies()">
----
== Inline Event Handler
Line: 65
----
<button class="authentication-save-control" id="klocworkResultsAction_authenticationSave" onclick="Klocwork.authenticate(${issueId})">
----
== Inline Event Handler
Line: 66
----
<button class="authentication-save-control" id="klocworkResultsAction_authenticationCancel" onclick="Klocwork.cancelAuthentication()">
----
== Inline Event Handler
Line: 73
----
<a class="link-style-none collapsible block ${initialCollapse}" onclick="Klocwork.toggle(this, 'newIssues')">
----
== Inline Event Handler
Line: 101
----
<a class="link-style-none collapsible block ${initialCollapse}" onclick="Klocwork.toggle(this, 'fixedIssues')">
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
