-
Type:
Task
-
Resolution: Unresolved
-
Priority:
Minor
-
Component/s: benchmark-evaluator-plugin
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with Content Security Policy (CSP) in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to function fully in CSP restrictive mode.
Problems
== Inline Script Block
Line: 56
----
<script>
// Inline script block flagged for CSP: each variable below is assigned the output
// of a server-side expression that is written directly into the script text when
// the view is rendered.
// NOTE(review): whether these getters escape their output for a script context
// (quotes, angle brackets, a closing script tag inside a string value) is not
// visible here — confirm, since the values are emitted as-is.
// The Jenkins CSP guide linked under Solutions covers moving inline blocks into a
// static .js resource; the server-supplied values then need another channel
// (for example data attributes read by that script).
var results = ${it.getCurrentResultsAsJson()};
var firstResult = ${it.getFirstResultsAsJson()};
var config = ${it.getConfigAsJson()};
// Current action not successful: both lastResult and lastStableResult are declared.
<j:if test="${!it.wasCurrentActionSuccesfull()}">
var lastResult = ${it.getLastResultsAsJson()};
var lastStableResult = ${it.getLastStableResultAsJson()};
</j:if>
// Current action successful: lastResult is filled from the last stable result and
// lastStableResult is not declared on this path.
<j:if test="${it.wasCurrentActionSuccesfull()}">
var lastResult = ${it.getLastStableResultAsJson()};
</j:if>
// Unlike the other getters, this name does not say JSON — presumably it still
// renders a JavaScript literal; verify.
var units = ${it.getUnits()};
</script>
----
== Inline Script Block
Line: 74
----
<script>
// Inline script block flagged for CSP; under a policy that disallows inline
// scripts, neither the jQ alias nor sortPercent would be defined.
// noConflict(true) hands back this jQuery instance and restores whatever the
// page previously bound to the $ and jQuery globals, so the result depends on
// the order in which scripts were loaded.
var jQ = jQuery.noConflict(true);
/**
 * Sort key for a table cell that shows a percentage.
 *
 * @param x DOM element whose text is inspected.
 * @returns Number.NEGATIVE_INFINITY or Number.POSITIVE_INFINITY when the text
 *          contains the infinity sign (U+221E) and starts with '-' or '+';
 *          undefined when it contains the sign but starts with neither;
 *          otherwise parseFloat of the markup before the first '%'.
 */
function sortPercent(x){
// Detection uses textContent, so markup inside the cell is ignored here.
var str = x.textContent.toLowerCase();
if(str.includes('\u221E')){
if(str.startsWith('-'))
return Number.NEGATIVE_INFINITY;
else if(str.startsWith('+'))
return Number.POSITIVE_INFINITY;
// No branch for an unsigned infinity sign: the function falls through and
// returns undefined.
}
else
// The numeric path reads innerHTML rather than textContent; parseFloat yields
// NaN if the cell starts with markup instead of the number.
return parseFloat(x.innerHTML.toLowerCase().split('%')[0]);
}
</script>
----
== Inline Event Handler
Line: 105
----
<th id="metrik" onclick="sortTable('metrik','resultTable',a=>
----
== Inline Event Handler
Line: 106
----
<th id="value" onclick="sortTable('value','resultTable',a=>
----
== Inline Event Handler
Line: 108
----
<th id="lastBuild" onclick="sortTable('lastBuild','resultTable',a=>
----
== Inline Event Handler
Line: 110
----
<th id="lastStableBuild" onclick="sortTable('lastStableBuild','resultTable',a=>
----
== Inline Event Handler
Line: 111
----
<th id="firstBuild" onclick="sortTable('lastStableBuild','resultTable',a=>
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers