Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-74310

[openid] Extract inline script block and event handler in hudson/plugins/openid/OpenIdUserProperty/config.jelly

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Minor Minor
    • openid-plugin

      Note

      While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.

      Problems

      == Inline Script Block
      Line: 39
      ----
      <script>
            Behaviour.register({
              "INPUT.openid-delete" : function (e) {
                  makeButton(e,function(e) {
                    Element.remove(findAncestor(e.target,"LI")); // delete the whole LI
                  });
              }
            });
          </script>
      ----
      
      == Inline Event Handler
      Line: 37
      ----
      <input type="button" class='yui-button' value="${%Associate Another OpenID}"
                 onclick="window.location='${rootURL}/federatedLoginService/openid/associate'" />
      ----
      

      Solutions

      https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
      https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers

          [JENKINS-74310] [openid] Extract inline script block and event handler in hudson/plugins/openid/OpenIdUserProperty/config.jelly

          Basil Crow created issue -
          Basil Crow made changes -
          Assignee Original: Kohsuke Kawaguchi [ kohsuke ]
          Basil Crow made changes -
          Description Original: h4. Problems

          {noformat}
          == Inline Event Handler
          Line: 37
          ----
          <input type="button" class='yui-button' value="${%Associate Another OpenID}"
                     onclick="window.location='${rootURL}/federatedLoginService/openid/associate'" />
          ----

          == Inline Script Block
          Line: 39
          ----
          <script>
                Behaviour.register({
                  "INPUT.openid-delete" : function (e) {
                      makeButton(e,function(e) {
                        Element.remove(findAncestor(e.target,"LI")); // delete the whole LI
                      });
                  }
                });
              </script>
          ----

          == Inline Event Handler
          Line: 37
          ----
          <input type="button" class='yui-button' value="${%Associate Another OpenID}"
                     onclick="window.location='${rootURL}/federatedLoginService/openid/associate'" />
          ----

          == Inline Script Block
          Line: 39
          ----
          <script>
                Behaviour.register({
                  "INPUT.openid-delete" : function (e) {
                      makeButton(e,function(e) {
                        Element.remove(findAncestor(e.target,"LI")); // delete the whole LI
                      });
                  }
                });
              </script>
          ----
          {noformat}

          h4. Solutions

          [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks]
          [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers]
          New: h4. Problems

          {noformat}
          == Inline Script Block
          Line: 39
          ----
          <script>
                Behaviour.register({
                  "INPUT.openid-delete" : function (e) {
                      makeButton(e,function(e) {
                        Element.remove(findAncestor(e.target,"LI")); // delete the whole LI
                      });
                  }
                });
              </script>
          ----

          == Inline Event Handler
          Line: 37
          ----
          <input type="button" class='yui-button' value="${%Associate Another OpenID}"
                     onclick="window.location='${rootURL}/federatedLoginService/openid/associate'" />
          ----
          {noformat}

          h4. Solutions

          [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks]
          [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers]
          Summary Original: [openid] Extract inline script blocks and event handlers in hudson/plugins/openid/OpenIdUserProperty/config.jelly New: [openid] Extract inline script block and event handler in hudson/plugins/openid/OpenIdUserProperty/config.jelly
          Basil Crow made changes -
          Description Original: h4. Problems

          {noformat}
          == Inline Script Block
          Line: 39
          ----
          <script>
                Behaviour.register({
                  "INPUT.openid-delete" : function (e) {
                      makeButton(e,function(e) {
                        Element.remove(findAncestor(e.target,"LI")); // delete the whole LI
                      });
                  }
                });
              </script>
          ----

          == Inline Event Handler
          Line: 37
          ----
          <input type="button" class='yui-button' value="${%Associate Another OpenID}"
                     onclick="window.location='${rootURL}/federatedLoginService/openid/associate'" />
          ----
          {noformat}

          h4. Solutions

          [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks]
          [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers]
          New: h1. Note

          *While testing this plugin, evaluate whether the third-party libraries in {{src/main/webapp}} are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.*

          h4. Problems

          {noformat}
          == Inline Script Block
          Line: 39
          ----
          <script>
                Behaviour.register({
                  "INPUT.openid-delete" : function (e) {
                      makeButton(e,function(e) {
                        Element.remove(findAncestor(e.target,"LI")); // delete the whole LI
                      });
                  }
                });
              </script>
          ----

          == Inline Event Handler
          Line: 37
          ----
          <input type="button" class='yui-button' value="${%Associate Another OpenID}"
                     onclick="window.location='${rootURL}/federatedLoginService/openid/associate'" />
          ----
          {noformat}

          h4. Solutions

          [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks]
          [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers]

            Unassigned Unassigned
            basil Basil Crow
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: