• Type: Task
• Resolution: Unresolved
• Priority: Minor
• Component/s: bugzilla-plugin
• Labels:

  • CSP

[JENKINS-74480] [bugzilla] Extract inline event handler and migrate legacy checkUrl attributes in WEB-INF/classes/hudson/plugins/bugzilla/BugzillaProjectProperty/global.jelly

Basil Crow created issue - 2024-10-24 00:03

Basil Crow made changes - 2024-10-24 00:48

Assignee

Original: mdonohue [ mdonohue ]

Basil Crow made changes - 2024-10-24 15:25

Description	Original: h4. Problems {noformat} == Inline Event Handler Line: 23 ---- <input class="setting-input" name="bugzilla.password" type="password" value="${descriptor.password}" onchange="Form.findMatchingInput(this,'bugzilla.username').onchange()"/> ---- == Legacy checkUrl Line: 5 ---- checkUrl="'${rootURL}/jobProperty/BugzillaProjectProperty/regexCheck?value='+escape(this.value)" ---- == Legacy checkUrl Line: 9 ---- checkUrl="'${rootURL}/jobProperty/BugzillaProjectProperty/urlCheck?value='+escape(this.value)" ---- == Legacy checkUrl Line: 19 ---- checkUrl="'${rootURL}/jobProperty/BugzillaProjectProperty/loginCheck?url='+escape(Form.findMatchingInput(this,'bugzilla.base').value)+'&amp;user='+escape(this.value)+'&amp;pass='+escape(Form.findMatchingInput(this,'bugzilla.password').value)" ---- == Inline Event Handler Line: 23 ---- <input class="setting-input" name="bugzilla.password" type="password" value="${descriptor.password}" onchange="Form.findMatchingInput(this,'bugzilla.username').onchange()"/> ---- == Legacy checkUrl Line: 5 ---- checkUrl="'${rootURL}/jobProperty/BugzillaProjectProperty/regexCheck?value='+escape(this.value)" ---- == Legacy checkUrl Line: 9 ---- checkUrl="'${rootURL}/jobProperty/BugzillaProjectProperty/urlCheck?value='+escape(this.value)" ---- == Legacy checkUrl Line: 19 ---- checkUrl="'${rootURL}/jobProperty/BugzillaProjectProperty/loginCheck?url='+escape(Form.findMatchingInput(this,'bugzilla.base').value)+'&amp;user='+escape(this.value)+'&amp;pass='+escape(Form.findMatchingInput(this,'bugzilla.password').value)" ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] [https://www.jenkins.io/doc/developer/security/csp/#legacy-javascript-checkurl-validation]	New: h4. Problems {noformat} == Legacy checkUrl Line: 5 ---- checkUrl="'${rootURL}/jobProperty/BugzillaProjectProperty/regexCheck?value='+escape(this.value)" ---- == Legacy checkUrl Line: 9 ---- checkUrl="'${rootURL}/jobProperty/BugzillaProjectProperty/urlCheck?value='+escape(this.value)" ---- == Legacy checkUrl Line: 19 ---- checkUrl="'${rootURL}/jobProperty/BugzillaProjectProperty/loginCheck?url='+escape(Form.findMatchingInput(this,'bugzilla.base').value)+'&amp;user='+escape(this.value)+'&amp;pass='+escape(Form.findMatchingInput(this,'bugzilla.password').value)" ---- == Inline Event Handler Line: 23 ---- <input class="setting-input" name="bugzilla.password" type="password" value="${descriptor.password}" onchange="Form.findMatchingInput(this,'bugzilla.username').onchange()"/> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] [https://www.jenkins.io/doc/developer/security/csp/#legacy-javascript-checkurl-validation]
Summary	Original: [bugzilla] Extract inline event handlers and migrate legacy checkUrl attributes in WEB-INF/classes/hudson/plugins/bugzilla/BugzillaProjectProperty/global.jelly	New: [bugzilla] Extract inline event handler and migrate legacy checkUrl attributes in WEB-INF/classes/hudson/plugins/bugzilla/BugzillaProjectProperty/global.jelly