- Type: Task
- Resolution: Unresolved
- Priority: Minor
- Component/s: openid-plugin
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 39
----
<script>
  Behaviour.register({
    "INPUT.openid-delete" : function (e) {
      makeButton(e,function(e) {
        Element.remove(findAncestor(e.target,"LI")); // delete the whole LI
      });
    }
  });
</script>
----
== Inline Event Handler
Line: 37
----
<input type="button" class='yui-button' value="${%Associate Another OpenID}"
onclick="window.location='${rootURL}/federatedLoginService/openid/associate'" />
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
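
One way to apply both linked fixes, as an added example that is not the plugin's own code: the inline block and the onclick attribute are replaced by a single delegated click listener in an external file. The file name openid.js, its path, the openid-associate class and the data-url attribute are assumptions, and standard DOM calls stand in for makeButton, findAncestor and Element.remove.

```javascript
// Hypothetical external file, e.g. src/main/webapp/js/openid.js (name assumed).
// Assumed changes in the Jelly view so that no inline JavaScript remains:
//   <input type="button" class="yui-button openid-associate"
//          value="${%Associate Another OpenID}"
//          data-url="${rootURL}/federatedLoginService/openid/associate" />
//   <script src="${resURL}/plugin/openid/js/openid.js"></script>  (path assumed)

// Decide what a click on `target` should do. `loc` is window.location in the
// browser; it is passed in so the logic can be exercised without a DOM.
function handleClick(target, loc) {
  // Replaces the inline Behaviour.register block: delete the whole LI.
  const del = target.closest("input.openid-delete");
  if (del) {
    const li = del.closest("li");
    if (li) {
      li.remove();
    }
    return "deleted";
  }

  // Replaces the inline onclick: the URL now travels in a data attribute.
  const assoc = target.closest("input.openid-associate");
  if (assoc && assoc.dataset && assoc.dataset.url) {
    loc.href = assoc.dataset.url;
    return "navigated";
  }

  return "ignored";
}

// One delegated listener also covers buttons added to the page later,
// which the original Behaviour rule handled.
if (typeof document !== "undefined") {
  document.addEventListener("click", function (event) {
    handleClick(event.target, window.location);
  });
}
```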