Task
Resolution: Unresolved
Minor
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 39
----
<script>
Behaviour.register({
  "INPUT.openid-delete" : function (e) {
    makeButton(e,function(e) {
      Element.remove(findAncestor(e.target,"LI")); // delete the whole LI
    });
  }
});
</script>
----
== Inline Event Handler
Line: 37
----
<input type="button" class='yui-button' value="${%Associate Another OpenID}" onclick="window.location='${rootURL}/federatedLoginService/openid/associate'" />
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
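One way the two items above could be moved into a static script file, as an added example (not the plugin's code and not the fix for this ticket). The file path, the `openid-associate` class and the `data-url` attribute are assumptions, and the native `remove()` stands in for Prototype's `Element.remove`.

```javascript
// Hypothetical resource, e.g. src/main/webapp/js/openid-user-property.js (path is an assumption).
// Assumed Jelly side: the button loses its onclick and carries the target as data instead:
//   <input type="button" class="yui-button openid-associate" value="${%Associate Another OpenID}"
//          data-url="${rootURL}/federatedLoginService/openid/associate" />
// and the inline <script> element is replaced by a reference to this file.

// Replaces the inline onclick handler: navigate to the URL held in data-url.
// `root` is a document-like object, `nav` a location-like object.
function bindAssociateButtons(root, nav) {
  const buttons = root.querySelectorAll("input.openid-associate");
  buttons.forEach(function (button) {
    button.addEventListener("click", function () {
      nav.href = button.dataset.url;
    });
  });
  return buttons.length;
}

// Replaces the inline <script> block: the same Behaviour rule, served from a file
// so that a policy without 'unsafe-inline' still allows it.
function registerDeleteBehaviour(behaviour, makeButtonFn, findAncestorFn) {
  behaviour.register({
    "INPUT.openid-delete": function (e) {
      makeButtonFn(e, function (evt) {
        findAncestorFn(evt.target, "LI").remove(); // delete the whole LI
      });
    },
  });
}

// Browser entry point; skipped when the file is loaded outside a Jenkins page.
if (typeof document !== "undefined" && typeof Behaviour !== "undefined") {
  registerDeleteBehaviour(Behaviour, makeButton, findAncestor);
  document.addEventListener("DOMContentLoaded", function () {
    bindAssociateButtons(document, window.location);
  });
}
```

Keeping `${rootURL}` in the Jelly attribute means the script file itself contains no server-rendered values and can be cached as a static resource.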
[JENKINS-74310] [openid] Extract inline script block and event handler in hudson/plugins/openid/OpenIdUserProperty/config.jelly
Assignee | Original: Kohsuke Kawaguchi [ kohsuke ] |
Summary | Original: [openid] Extract inline script blocks and event handlers in hudson/plugins/openid/OpenIdUserProperty/config.jelly | New: [openid] Extract inline script block and event handler in hudson/plugins/openid/OpenIdUserProperty/config.jelly |