Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-74541

[benchmark-evaluator] Extract inline script blocks and event handlers in io/jenkins/plugins/benchmark/BenchmarkAction/index.jelly

XMLWordPrintable

      Note

      While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.

      Problems

      == Inline Script Block
Line: 56
----
<script>
                    var results = ${it.getCurrentResultsAsJson()};
                    var firstResult = ${it.getFirstResultsAsJson()};
                    var config = ${it.getConfigAsJson()};
                    <j:if test="${!it.wasCurrentActionSuccesfull()}">
                        var lastResult = ${it.getLastResultsAsJson()};
                        var lastStableResult = ${it.getLastStableResultAsJson()};
                    </j:if>
                    <j:if test="${it.wasCurrentActionSuccesfull()}">
                        var lastResult = ${it.getLastStableResultAsJson()};
                    </j:if>
                    var units = ${it.getUnits()};
                </script>
----

== Inline Script Block
Line: 74
----
<script>
					var jQ = jQuery.noConflict(true);
					
					function sortPercent(x){
						var str = x.textContent.toLowerCase();
						if(str.includes('\u221E')){
							if(str.startsWith('-'))
								return Number.NEGATIVE_INFINITY;
							else if(str.startsWith('+'))
								return Number.POSITIVE_INFINITY;
						}
						else
							return parseFloat(x.innerHTML.toLowerCase().split('%')[0]);
					}
				</script>
----

== Inline Event Handler
Line: 105
----
<th id="metrik" onclick="sortTable('metrik','resultTable',a=>
----

== Inline Event Handler
Line: 106
----
<th id="value" onclick="sortTable('value','resultTable',a=>
----

== Inline Event Handler
Line: 108
----
<th id="lastBuild" onclick="sortTable('lastBuild','resultTable',a=>
----

== Inline Event Handler
Line: 110
----
<th id="lastStableBuild" onclick="sortTable('lastStableBuild','resultTable',a=>
----

== Inline Event Handler
Line: 111
----
<th id="firstBuild" onclick="sortTable('lastStableBuild','resultTable',a=>
----

      Solutions

      https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
      https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers

            Unassigned Unassigned
            basil Basil Crow
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: