-
Task
-
Resolution: Unresolved
-
Minor
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 11
----
<script type="text/javascript">
google.charts.load('current', {'packages':['corechart']});
google.charts.setOnLoadCallback(getModel);
var serenityResult = <st:bind value="${from.lastResult}" />
var projectId = ${from.getLastBuildProjectId()};
var projectName = ${from.getProjectName()};
// alert('Chart : ' + serenityResult);
function getModel() {
serenityResult.getProjectModel(function(t) {
var model = t.responseObject();
// alert('Model : ' + model);
setTimeout(function() {
// Instantiate and draw our chart, passing in some options.
var chart = new google.visualization.ComboChart(document.getElementById('chart_div'));
var data = new google.visualization.DataTable(model);
var options = {
title:'Project metrics - Powered by Serenity',
vAxis: {title: 'Values'},
hAxis: {title: 'Builds'},
seriesType: 'bars',
series: {0: {type: 'line'}},
legend: { position: 'bottom' },
curveType: 'function',
height:250
};
chart.draw(data, options);
}, 100);
});
};
function toggleElementVisibility(id) {
var e = document.getElementById(id);
if(e.style.display == 'block')
e.style.display = 'none';
else
e.style.display = 'block';
}
</script>
----
== Inline Event Handler
Line: 62
----
<a href="#" onClick="JavaScript:toggleElementVisibility('metrics-legend');">
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
[JENKINS-74369] [serenity] Extract inline script block and event handler in com/ikokoon/serenity/hudson/SerenityProjectAction/floatingBox.jelly
Basil Crow
created issue -
Basil Crow
made changes -
| Description |
Original:
h4. Problems {noformat} == Inline Event Handler Line: 62 ---- <a href="#" onClick="JavaScript:toggleElementVisibility('metrics-legend');"> ---- == Inline Script Block Line: 11 ---- <script type="text/javascript"> google.charts.load('current', {'packages':['corechart']}); google.charts.setOnLoadCallback(getModel); var serenityResult = <st:bind value="${from.lastResult}" /> var projectId = ${from.getLastBuildProjectId()}; var projectName = ${from.getProjectName()}; // alert('Chart : ' + serenityResult); function getModel() { serenityResult.getProjectModel(function(t) { var model = t.responseObject(); // alert('Model : ' + model); setTimeout(function() { // Instantiate and draw our chart, passing in some options. var chart = new google.visualization.ComboChart(document.getElementById('chart_div')); var data = new google.visualization.DataTable(model); var options = { title:'Project metrics - Powered by Serenity', vAxis: {title: 'Values'}, hAxis: {title: 'Builds'}, seriesType: 'bars', series: {0: {type: 'line'}}, legend: { position: 'bottom' }, curveType: 'function', height:250 }; chart.draw(data, options); }, 100); }); }; function toggleElementVisibility(id) { var e = document.getElementById(id); if(e.style.display == 'block') e.style.display = 'none'; else e.style.display = 'block'; } </script> ---- == Inline Event Handler Line: 62 ---- <a href="#" onClick="JavaScript:toggleElementVisibility('metrics-legend');"> ---- == Inline Script Block Line: 11 ---- <script type="text/javascript"> google.charts.load('current', {'packages':['corechart']}); google.charts.setOnLoadCallback(getModel); var serenityResult = <st:bind value="${from.lastResult}" /> var projectId = ${from.getLastBuildProjectId()}; var projectName = ${from.getProjectName()}; // alert('Chart : ' + serenityResult); function getModel() { serenityResult.getProjectModel(function(t) { var model = t.responseObject(); // alert('Model : ' + model); setTimeout(function() { // Instantiate and draw our chart, passing in some options. var chart = new google.visualization.ComboChart(document.getElementById('chart_div')); var data = new google.visualization.DataTable(model); var options = { title:'Project metrics - Powered by Serenity', vAxis: {title: 'Values'}, hAxis: {title: 'Builds'}, seriesType: 'bars', series: {0: {type: 'line'}}, legend: { position: 'bottom' }, curveType: 'function', height:250 }; chart.draw(data, options); }, 100); }); }; function toggleElementVisibility(id) { var e = document.getElementById(id); if(e.style.display == 'block') e.style.display = 'none'; else e.style.display = 'block'; } </script> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
New:
h4. Problems {noformat} == Inline Script Block Line: 11 ---- <script type="text/javascript"> google.charts.load('current', {'packages':['corechart']}); google.charts.setOnLoadCallback(getModel); var serenityResult = <st:bind value="${from.lastResult}" /> var projectId = ${from.getLastBuildProjectId()}; var projectName = ${from.getProjectName()}; // alert('Chart : ' + serenityResult); function getModel() { serenityResult.getProjectModel(function(t) { var model = t.responseObject(); // alert('Model : ' + model); setTimeout(function() { // Instantiate and draw our chart, passing in some options. var chart = new google.visualization.ComboChart(document.getElementById('chart_div')); var data = new google.visualization.DataTable(model); var options = { title:'Project metrics - Powered by Serenity', vAxis: {title: 'Values'}, hAxis: {title: 'Builds'}, seriesType: 'bars', series: {0: {type: 'line'}}, legend: { position: 'bottom' }, curveType: 'function', height:250 }; chart.draw(data, options); }, 100); }); }; function toggleElementVisibility(id) { var e = document.getElementById(id); if(e.style.display == 'block') e.style.display = 'none'; else e.style.display = 'block'; } </script> ---- == Inline Event Handler Line: 62 ---- <a href="#" onClick="JavaScript:toggleElementVisibility('metrics-legend');"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
| Summary | Original: [serenity] Extract inline script blocks and event handlers in com/ikokoon/serenity/hudson/SerenityProjectAction/floatingBox.jelly | New: [serenity] Extract inline script block and event handler in com/ikokoon/serenity/hudson/SerenityProjectAction/floatingBox.jelly |
Basil Crow
made changes -
| Description |
Original:
h4. Problems {noformat} == Inline Script Block Line: 11 ---- <script type="text/javascript"> google.charts.load('current', {'packages':['corechart']}); google.charts.setOnLoadCallback(getModel); var serenityResult = <st:bind value="${from.lastResult}" /> var projectId = ${from.getLastBuildProjectId()}; var projectName = ${from.getProjectName()}; // alert('Chart : ' + serenityResult); function getModel() { serenityResult.getProjectModel(function(t) { var model = t.responseObject(); // alert('Model : ' + model); setTimeout(function() { // Instantiate and draw our chart, passing in some options. var chart = new google.visualization.ComboChart(document.getElementById('chart_div')); var data = new google.visualization.DataTable(model); var options = { title:'Project metrics - Powered by Serenity', vAxis: {title: 'Values'}, hAxis: {title: 'Builds'}, seriesType: 'bars', series: {0: {type: 'line'}}, legend: { position: 'bottom' }, curveType: 'function', height:250 }; chart.draw(data, options); }, 100); }); }; function toggleElementVisibility(id) { var e = document.getElementById(id); if(e.style.display == 'block') e.style.display = 'none'; else e.style.display = 'block'; } </script> ---- == Inline Event Handler Line: 62 ---- <a href="#" onClick="JavaScript:toggleElementVisibility('metrics-legend');"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
New:
h1. Note
*While testing this plugin, evaluate whether the third-party libraries in {{src/main/webapp}} are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.* h4. Problems {noformat} == Inline Script Block Line: 11 ---- <script type="text/javascript"> google.charts.load('current', {'packages':['corechart']}); google.charts.setOnLoadCallback(getModel); var serenityResult = <st:bind value="${from.lastResult}" /> var projectId = ${from.getLastBuildProjectId()}; var projectName = ${from.getProjectName()}; // alert('Chart : ' + serenityResult); function getModel() { serenityResult.getProjectModel(function(t) { var model = t.responseObject(); // alert('Model : ' + model); setTimeout(function() { // Instantiate and draw our chart, passing in some options. var chart = new google.visualization.ComboChart(document.getElementById('chart_div')); var data = new google.visualization.DataTable(model); var options = { title:'Project metrics - Powered by Serenity', vAxis: {title: 'Values'}, hAxis: {title: 'Builds'}, seriesType: 'bars', series: {0: {type: 'line'}}, legend: { position: 'bottom' }, curveType: 'function', height:250 }; chart.draw(data, options); }, 100); }); }; function toggleElementVisibility(id) { var e = document.getElementById(id); if(e.style.display == 'block') e.style.display = 'none'; else e.style.display = 'block'; } </script> ---- == Inline Event Handler Line: 62 ---- <a href="#" onClick="JavaScript:toggleElementVisibility('metrics-legend');"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |