-
Task
-
Resolution: Unresolved
-
Minor
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 11
----
<!-- Inline script element: a Content-Security-Policy that does not allow 'unsafe-inline' will refuse to run this body. The logic has to move into a .js file that the view loads by URL. -->
<script type="text/javascript">
    // Request the 'corechart' package and register getModel as the on-load callback.
    google.charts.load('current', {'packages':['corechart']});
    google.charts.setOnLoadCallback(getModel);

    // Server-rendered values: the st:bind tag and the two ${...} expressions are
    // expanded by the view before the browser receives this block, which is what
    // ties the data to an inline script.
    // NOTE(review): projectName is written into script source without quotes or
    // script-context encoding in this excerpt; whether that is safe depends on
    // what getProjectName() returns and on the view's escaping, neither of which
    // is shown here. Passing these values through data-* attributes that an
    // external script reads avoids both the CSP problem and the encoding question.
    var serenityResult = <st:bind value="${from.lastResult}" />
    var projectId = ${from.getLastBuildProjectId()};
    var projectName = ${from.getProjectName()};
    // alert('Chart : ' + serenityResult);

    // Calls getProjectModel on the bound object and draws a combo chart into
    // #chart_div from the response object.
    function getModel() {
        serenityResult.getProjectModel(function(t) {
            var model = t.responseObject();
            // alert('Model : ' + model);
            // The timer receives a function, not a string, so this call is not
            // itself an eval-style sink; drawing is deferred by 100 ms.
            setTimeout(function() {
                // Instantiate and draw our chart, passing in some options.
                var chart = new google.visualization.ComboChart(document.getElementById('chart_div'));
                var data = new google.visualization.DataTable(model);
                var options = {
                    title:'Project metrics - Powered by Serenity',
                    vAxis: {title: 'Values'},
                    hAxis: {title: 'Builds'},
                    seriesType: 'bars',
                    series: {0: {type: 'line'}},
                    legend: { position: 'bottom' },
                    curveType: 'function',
                    height:250
                };
                chart.draw(data, options);
            }, 100);
        });
    };

    // Switches the element's inline display between 'block' and 'none'; any other
    // current value (including the empty string) becomes 'block'.
    function toggleElementVisibility(id) {
        var e = document.getElementById(id);
        if(e.style.display == 'block')
            e.style.display = 'none';
        else
            e.style.display = 'block';
    }
</script>
----
== Inline Event Handler
Line: 62
----
<!-- An on* attribute is inline script as well and is blocked by the same policy. Attach the click handler with addEventListener from the external file and carry the target id in a data-* attribute. Inside an on* attribute the "JavaScript:" prefix is parsed as a statement label, not a URL scheme, so it has no effect. -->
<a href="#" onClick="JavaScript:toggleElementVisibility('metrics-legend');">
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers