-
Task
-
Resolution: Unresolved
-
Minor
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 12
----
<script>
var jQ = jQuery.noConflict(true);
var backend =
<st:bind value="${it}"/>
</script>
----
== Inline Event Handler
Line: 27
----
<th id="metric" onclick="sortTable('metric','configTable',a=>
----
== Inline Event Handler
Line: 33
----
<th id="since" onclick="sortTable('since','configTable',a=>
----
== Inline Event Handler
Line: 44
----
<input type="text" value="${conf.getValue().getUnit()}" id="${conf.getKey()}_unit" class="fields form-control"
onchange="setMetricUnit('${conf.getKey()}')">
----
== Inline Event Handler
Line: 51
----
<input type="number" value="${conf.getValue().getMinValue()}" id="${conf.getKey()}_minValue"
step="any" class="form-control"
onchange="setMetricMinValue('${conf.getKey()}')">
----
== Inline Event Handler
Line: 59
----
<input type="number" value="${conf.getValue().getMaxValue()}" id="${conf.getKey()}_maxValue"
step="any" class="form-control"
onchange="setMetricMaxValue('${conf.getKey()}')">
----
== Inline Event Handler
Line: 67
----
<input type="number" value="${conf.getValue().getMinPercent()}"
id="${conf.getKey()}_minPercent" step="any" class="form-control"
onchange="setMinPercent('${conf.getKey()}')">
----
== Inline Event Handler
Line: 75
----
<input type="number" value="${conf.getValue().getMaxPercent()}"
id="${conf.getKey()}_maxPercent" step="any" class="form-control"
onchange="setMaxPercent('${conf.getKey()}')">
----
== Inline Event Handler
Line: 91
----
<button type="button" class="btn btn-danger btn-sm" onclick="deleteMetric('${conf.getKey()}')">
----
== Inline Event Handler
Line: 99
----
<button type="button" class="btn btn-danger btn-sm" onclick="deleteMetric('${conf.getKey()}')" disabled="true">
----
== Inline Event Handler
Line: 129
----
<input type="text"
id="newMetric" class="form-control"
onchange="createMetric(document.getElementById('newMetric').value)">
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
[JENKINS-74540] [benchmark-evaluator] Extract inline script block and event handlers in io/jenkins/plugins/benchmark/BenchmarkConfigAction/index.jelly
Basil Crow
created issue -
Basil Crow
made changes -
| Assignee | Original: Fabian Lehmann [ lehmann_fabian ] |
Basil Crow
made changes -
| Description |
Original:
h4. Problems {noformat} == Inline Event Handler Line: 27 ---- <th id="metric" onclick="sortTable('metric','configTable',a=> ---- == Inline Event Handler Line: 33 ---- <th id="since" onclick="sortTable('since','configTable',a=> ---- == Inline Event Handler Line: 44 ---- <input type="text" value="${conf.getValue().getUnit()}" id="${conf.getKey()}_unit" class="fields form-control" onchange="setMetricUnit('${conf.getKey()}')"> ---- == Inline Event Handler Line: 51 ---- <input type="number" value="${conf.getValue().getMinValue()}" id="${conf.getKey()}_minValue" step="any" class="form-control" onchange="setMetricMinValue('${conf.getKey()}')"> ---- == Inline Event Handler Line: 59 ---- <input type="number" value="${conf.getValue().getMaxValue()}" id="${conf.getKey()}_maxValue" step="any" class="form-control" onchange="setMetricMaxValue('${conf.getKey()}')"> ---- == Inline Event Handler Line: 67 ---- <input type="number" value="${conf.getValue().getMinPercent()}" id="${conf.getKey()}_minPercent" step="any" class="form-control" onchange="setMinPercent('${conf.getKey()}')"> ---- == Inline Event Handler Line: 75 ---- <input type="number" value="${conf.getValue().getMaxPercent()}" id="${conf.getKey()}_maxPercent" step="any" class="form-control" onchange="setMaxPercent('${conf.getKey()}')"> ---- == Inline Event Handler Line: 91 ---- <button type="button" class="btn btn-danger btn-sm" onclick="deleteMetric('${conf.getKey()}')"> ---- == Inline Event Handler Line: 99 ---- <button type="button" class="btn btn-danger btn-sm" onclick="deleteMetric('${conf.getKey()}')" disabled="true"> ---- == Inline Event Handler Line: 129 ---- <input type="text" id="newMetric" class="form-control" onchange="createMetric(document.getElementById('newMetric').value)"> ---- == Inline Script Block Line: 12 ---- <script> var jQ = jQuery.noConflict(true); var backend = <st:bind value="${it}"/> </script> ---- == Inline Event Handler Line: 27 ---- <th id="metric" onclick="sortTable('metric','configTable',a=> ---- == Inline Event Handler Line: 33 ---- <th id="since" onclick="sortTable('since','configTable',a=> ---- == Inline Event Handler Line: 44 ---- <input type="text" value="${conf.getValue().getUnit()}" id="${conf.getKey()}_unit" class="fields form-control" onchange="setMetricUnit('${conf.getKey()}')"> ---- == Inline Event Handler Line: 51 ---- <input type="number" value="${conf.getValue().getMinValue()}" id="${conf.getKey()}_minValue" step="any" class="form-control" onchange="setMetricMinValue('${conf.getKey()}')"> ---- == Inline Event Handler Line: 59 ---- <input type="number" value="${conf.getValue().getMaxValue()}" id="${conf.getKey()}_maxValue" step="any" class="form-control" onchange="setMetricMaxValue('${conf.getKey()}')"> ---- == Inline Event Handler Line: 67 ---- <input type="number" value="${conf.getValue().getMinPercent()}" id="${conf.getKey()}_minPercent" step="any" class="form-control" onchange="setMinPercent('${conf.getKey()}')"> ---- == Inline Event Handler Line: 75 ---- <input type="number" value="${conf.getValue().getMaxPercent()}" id="${conf.getKey()}_maxPercent" step="any" class="form-control" onchange="setMaxPercent('${conf.getKey()}')"> ---- == Inline Event Handler Line: 91 ---- <button type="button" class="btn btn-danger btn-sm" onclick="deleteMetric('${conf.getKey()}')"> ---- == Inline Event Handler Line: 99 ---- <button type="button" class="btn btn-danger btn-sm" onclick="deleteMetric('${conf.getKey()}')" disabled="true"> ---- == Inline Event Handler Line: 129 ---- <input type="text" id="newMetric" class="form-control" onchange="createMetric(document.getElementById('newMetric').value)"> ---- == Inline Script Block Line: 12 ---- <script> var jQ = jQuery.noConflict(true); var backend = <st:bind value="${it}"/> </script> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
New:
h4. Problems {noformat} == Inline Script Block Line: 12 ---- <script> var jQ = jQuery.noConflict(true); var backend = <st:bind value="${it}"/> </script> ---- == Inline Event Handler Line: 27 ---- <th id="metric" onclick="sortTable('metric','configTable',a=> ---- == Inline Event Handler Line: 33 ---- <th id="since" onclick="sortTable('since','configTable',a=> ---- == Inline Event Handler Line: 44 ---- <input type="text" value="${conf.getValue().getUnit()}" id="${conf.getKey()}_unit" class="fields form-control" onchange="setMetricUnit('${conf.getKey()}')"> ---- == Inline Event Handler Line: 51 ---- <input type="number" value="${conf.getValue().getMinValue()}" id="${conf.getKey()}_minValue" step="any" class="form-control" onchange="setMetricMinValue('${conf.getKey()}')"> ---- == Inline Event Handler Line: 59 ---- <input type="number" value="${conf.getValue().getMaxValue()}" id="${conf.getKey()}_maxValue" step="any" class="form-control" onchange="setMetricMaxValue('${conf.getKey()}')"> ---- == Inline Event Handler Line: 67 ---- <input type="number" value="${conf.getValue().getMinPercent()}" id="${conf.getKey()}_minPercent" step="any" class="form-control" onchange="setMinPercent('${conf.getKey()}')"> ---- == Inline Event Handler Line: 75 ---- <input type="number" value="${conf.getValue().getMaxPercent()}" id="${conf.getKey()}_maxPercent" step="any" class="form-control" onchange="setMaxPercent('${conf.getKey()}')"> ---- == Inline Event Handler Line: 91 ---- <button type="button" class="btn btn-danger btn-sm" onclick="deleteMetric('${conf.getKey()}')"> ---- == Inline Event Handler Line: 99 ---- <button type="button" class="btn btn-danger btn-sm" onclick="deleteMetric('${conf.getKey()}')" disabled="true"> ---- == Inline Event Handler Line: 129 ---- <input type="text" id="newMetric" class="form-control" onchange="createMetric(document.getElementById('newMetric').value)"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
| Summary | Original: [benchmark-evaluator] Extract inline script blocks and event handlers in io/jenkins/plugins/benchmark/BenchmarkConfigAction/index.jelly | New: [benchmark-evaluator] Extract inline script block and event handlers in io/jenkins/plugins/benchmark/BenchmarkConfigAction/index.jelly |
Basil Crow
made changes -
| Description |
Original:
h4. Problems {noformat} == Inline Script Block Line: 12 ---- <script> var jQ = jQuery.noConflict(true); var backend = <st:bind value="${it}"/> </script> ---- == Inline Event Handler Line: 27 ---- <th id="metric" onclick="sortTable('metric','configTable',a=> ---- == Inline Event Handler Line: 33 ---- <th id="since" onclick="sortTable('since','configTable',a=> ---- == Inline Event Handler Line: 44 ---- <input type="text" value="${conf.getValue().getUnit()}" id="${conf.getKey()}_unit" class="fields form-control" onchange="setMetricUnit('${conf.getKey()}')"> ---- == Inline Event Handler Line: 51 ---- <input type="number" value="${conf.getValue().getMinValue()}" id="${conf.getKey()}_minValue" step="any" class="form-control" onchange="setMetricMinValue('${conf.getKey()}')"> ---- == Inline Event Handler Line: 59 ---- <input type="number" value="${conf.getValue().getMaxValue()}" id="${conf.getKey()}_maxValue" step="any" class="form-control" onchange="setMetricMaxValue('${conf.getKey()}')"> ---- == Inline Event Handler Line: 67 ---- <input type="number" value="${conf.getValue().getMinPercent()}" id="${conf.getKey()}_minPercent" step="any" class="form-control" onchange="setMinPercent('${conf.getKey()}')"> ---- == Inline Event Handler Line: 75 ---- <input type="number" value="${conf.getValue().getMaxPercent()}" id="${conf.getKey()}_maxPercent" step="any" class="form-control" onchange="setMaxPercent('${conf.getKey()}')"> ---- == Inline Event Handler Line: 91 ---- <button type="button" class="btn btn-danger btn-sm" onclick="deleteMetric('${conf.getKey()}')"> ---- == Inline Event Handler Line: 99 ---- <button type="button" class="btn btn-danger btn-sm" onclick="deleteMetric('${conf.getKey()}')" disabled="true"> ---- == Inline Event Handler Line: 129 ---- <input type="text" id="newMetric" class="form-control" onchange="createMetric(document.getElementById('newMetric').value)"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
New:
h1. Note
*While testing this plugin, evaluate whether the third-party libraries in {{src/main/webapp}} are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.* h4. Problems {noformat} == Inline Script Block Line: 12 ---- <script> var jQ = jQuery.noConflict(true); var backend = <st:bind value="${it}"/> </script> ---- == Inline Event Handler Line: 27 ---- <th id="metric" onclick="sortTable('metric','configTable',a=> ---- == Inline Event Handler Line: 33 ---- <th id="since" onclick="sortTable('since','configTable',a=> ---- == Inline Event Handler Line: 44 ---- <input type="text" value="${conf.getValue().getUnit()}" id="${conf.getKey()}_unit" class="fields form-control" onchange="setMetricUnit('${conf.getKey()}')"> ---- == Inline Event Handler Line: 51 ---- <input type="number" value="${conf.getValue().getMinValue()}" id="${conf.getKey()}_minValue" step="any" class="form-control" onchange="setMetricMinValue('${conf.getKey()}')"> ---- == Inline Event Handler Line: 59 ---- <input type="number" value="${conf.getValue().getMaxValue()}" id="${conf.getKey()}_maxValue" step="any" class="form-control" onchange="setMetricMaxValue('${conf.getKey()}')"> ---- == Inline Event Handler Line: 67 ---- <input type="number" value="${conf.getValue().getMinPercent()}" id="${conf.getKey()}_minPercent" step="any" class="form-control" onchange="setMinPercent('${conf.getKey()}')"> ---- == Inline Event Handler Line: 75 ---- <input type="number" value="${conf.getValue().getMaxPercent()}" id="${conf.getKey()}_maxPercent" step="any" class="form-control" onchange="setMaxPercent('${conf.getKey()}')"> ---- == Inline Event Handler Line: 91 ---- <button type="button" class="btn btn-danger btn-sm" onclick="deleteMetric('${conf.getKey()}')"> ---- == Inline Event Handler Line: 99 ---- <button type="button" class="btn btn-danger btn-sm" onclick="deleteMetric('${conf.getKey()}')" disabled="true"> ---- == Inline Event Handler Line: 129 ---- <input type="text" id="newMetric" class="form-control" onchange="createMetric(document.getElementById('newMetric').value)"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |