-
Task
-
Resolution: Unresolved
-
Minor
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 56
----
<script>
var results = ${it.getCurrentResultsAsJson()};
var firstResult = ${it.getFirstResultsAsJson()};
var config = ${it.getConfigAsJson()};
<j:if test="${!it.wasCurrentActionSuccesfull()}">
var lastResult = ${it.getLastResultsAsJson()};
var lastStableResult = ${it.getLastStableResultAsJson()};
</j:if>
<j:if test="${it.wasCurrentActionSuccesfull()}">
var lastResult = ${it.getLastStableResultAsJson()};
</j:if>
var units = ${it.getUnits()};
</script>
----
== Inline Script Block
Line: 74
----
<script>
var jQ = jQuery.noConflict(true);
function sortPercent(x){
var str = x.textContent.toLowerCase();
if(str.includes('\u221E')){
if(str.startsWith('-'))
return Number.NEGATIVE_INFINITY;
else if(str.startsWith('+'))
return Number.POSITIVE_INFINITY;
}
else
return parseFloat(x.innerHTML.toLowerCase().split('%')[0]);
}
</script>
----
== Inline Event Handler
Line: 105
----
<th id="metrik" onclick="sortTable('metrik','resultTable',a=>
----
== Inline Event Handler
Line: 106
----
<th id="value" onclick="sortTable('value','resultTable',a=>
----
== Inline Event Handler
Line: 108
----
<th id="lastBuild" onclick="sortTable('lastBuild','resultTable',a=>
----
== Inline Event Handler
Line: 110
----
<th id="lastStableBuild" onclick="sortTable('lastStableBuild','resultTable',a=>
----
== Inline Event Handler
Line: 111
----
<th id="firstBuild" onclick="sortTable('lastStableBuild','resultTable',a=>
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
[JENKINS-74541] [benchmark-evaluator] Extract inline script blocks and event handlers in io/jenkins/plugins/benchmark/BenchmarkAction/index.jelly
Basil Crow
created issue -
Basil Crow
made changes -
| Assignee | Original: Fabian Lehmann [ lehmann_fabian ] |
Basil Crow
made changes -
| Description |
Original:
h4. Problems {noformat} == Inline Event Handler Line: 105 ---- <th id="metrik" onclick="sortTable('metrik','resultTable',a=> ---- == Inline Event Handler Line: 106 ---- <th id="value" onclick="sortTable('value','resultTable',a=> ---- == Inline Event Handler Line: 108 ---- <th id="lastBuild" onclick="sortTable('lastBuild','resultTable',a=> ---- == Inline Event Handler Line: 110 ---- <th id="lastStableBuild" onclick="sortTable('lastStableBuild','resultTable',a=> ---- == Inline Event Handler Line: 111 ---- <th id="firstBuild" onclick="sortTable('lastStableBuild','resultTable',a=> ---- == Inline Script Block Line: 56 ---- <script> var results = ${it.getCurrentResultsAsJson()}; var firstResult = ${it.getFirstResultsAsJson()}; var config = ${it.getConfigAsJson()}; <j:if test="${!it.wasCurrentActionSuccesfull()}"> var lastResult = ${it.getLastResultsAsJson()}; var lastStableResult = ${it.getLastStableResultAsJson()}; </j:if> <j:if test="${it.wasCurrentActionSuccesfull()}"> var lastResult = ${it.getLastStableResultAsJson()}; </j:if> var units = ${it.getUnits()}; </script> ---- == Inline Script Block Line: 74 ---- <script> var jQ = jQuery.noConflict(true); function sortPercent(x){ var str = x.textContent.toLowerCase(); if(str.includes('\u221E')){ if(str.startsWith('-')) return Number.NEGATIVE_INFINITY; else if(str.startsWith('+')) return Number.POSITIVE_INFINITY; } else return parseFloat(x.innerHTML.toLowerCase().split('%')[0]); } </script> ---- == Inline Event Handler Line: 105 ---- <th id="metrik" onclick="sortTable('metrik','resultTable',a=> ---- == Inline Event Handler Line: 106 ---- <th id="value" onclick="sortTable('value','resultTable',a=> ---- == Inline Event Handler Line: 108 ---- <th id="lastBuild" onclick="sortTable('lastBuild','resultTable',a=> ---- == Inline Event Handler Line: 110 ---- <th id="lastStableBuild" onclick="sortTable('lastStableBuild','resultTable',a=> ---- == Inline Event Handler Line: 111 ---- <th id="firstBuild" onclick="sortTable('lastStableBuild','resultTable',a=> ---- == Inline Script Block Line: 56 ---- <script> var results = ${it.getCurrentResultsAsJson()}; var firstResult = ${it.getFirstResultsAsJson()}; var config = ${it.getConfigAsJson()}; <j:if test="${!it.wasCurrentActionSuccesfull()}"> var lastResult = ${it.getLastResultsAsJson()}; var lastStableResult = ${it.getLastStableResultAsJson()}; </j:if> <j:if test="${it.wasCurrentActionSuccesfull()}"> var lastResult = ${it.getLastStableResultAsJson()}; </j:if> var units = ${it.getUnits()}; </script> ---- == Inline Script Block Line: 74 ---- <script> var jQ = jQuery.noConflict(true); function sortPercent(x){ var str = x.textContent.toLowerCase(); if(str.includes('\u221E')){ if(str.startsWith('-')) return Number.NEGATIVE_INFINITY; else if(str.startsWith('+')) return Number.POSITIVE_INFINITY; } else return parseFloat(x.innerHTML.toLowerCase().split('%')[0]); } </script> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
New:
h4. Problems {noformat} == Inline Script Block Line: 56 ---- <script> var results = ${it.getCurrentResultsAsJson()}; var firstResult = ${it.getFirstResultsAsJson()}; var config = ${it.getConfigAsJson()}; <j:if test="${!it.wasCurrentActionSuccesfull()}"> var lastResult = ${it.getLastResultsAsJson()}; var lastStableResult = ${it.getLastStableResultAsJson()}; </j:if> <j:if test="${it.wasCurrentActionSuccesfull()}"> var lastResult = ${it.getLastStableResultAsJson()}; </j:if> var units = ${it.getUnits()}; </script> ---- == Inline Script Block Line: 74 ---- <script> var jQ = jQuery.noConflict(true); function sortPercent(x){ var str = x.textContent.toLowerCase(); if(str.includes('\u221E')){ if(str.startsWith('-')) return Number.NEGATIVE_INFINITY; else if(str.startsWith('+')) return Number.POSITIVE_INFINITY; } else return parseFloat(x.innerHTML.toLowerCase().split('%')[0]); } </script> ---- == Inline Event Handler Line: 105 ---- <th id="metrik" onclick="sortTable('metrik','resultTable',a=> ---- == Inline Event Handler Line: 106 ---- <th id="value" onclick="sortTable('value','resultTable',a=> ---- == Inline Event Handler Line: 108 ---- <th id="lastBuild" onclick="sortTable('lastBuild','resultTable',a=> ---- == Inline Event Handler Line: 110 ---- <th id="lastStableBuild" onclick="sortTable('lastStableBuild','resultTable',a=> ---- == Inline Event Handler Line: 111 ---- <th id="firstBuild" onclick="sortTable('lastStableBuild','resultTable',a=> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
Basil Crow
made changes -
| Description |
Original:
h4. Problems {noformat} == Inline Script Block Line: 56 ---- <script> var results = ${it.getCurrentResultsAsJson()}; var firstResult = ${it.getFirstResultsAsJson()}; var config = ${it.getConfigAsJson()}; <j:if test="${!it.wasCurrentActionSuccesfull()}"> var lastResult = ${it.getLastResultsAsJson()}; var lastStableResult = ${it.getLastStableResultAsJson()}; </j:if> <j:if test="${it.wasCurrentActionSuccesfull()}"> var lastResult = ${it.getLastStableResultAsJson()}; </j:if> var units = ${it.getUnits()}; </script> ---- == Inline Script Block Line: 74 ---- <script> var jQ = jQuery.noConflict(true); function sortPercent(x){ var str = x.textContent.toLowerCase(); if(str.includes('\u221E')){ if(str.startsWith('-')) return Number.NEGATIVE_INFINITY; else if(str.startsWith('+')) return Number.POSITIVE_INFINITY; } else return parseFloat(x.innerHTML.toLowerCase().split('%')[0]); } </script> ---- == Inline Event Handler Line: 105 ---- <th id="metrik" onclick="sortTable('metrik','resultTable',a=> ---- == Inline Event Handler Line: 106 ---- <th id="value" onclick="sortTable('value','resultTable',a=> ---- == Inline Event Handler Line: 108 ---- <th id="lastBuild" onclick="sortTable('lastBuild','resultTable',a=> ---- == Inline Event Handler Line: 110 ---- <th id="lastStableBuild" onclick="sortTable('lastStableBuild','resultTable',a=> ---- == Inline Event Handler Line: 111 ---- <th id="firstBuild" onclick="sortTable('lastStableBuild','resultTable',a=> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
New:
h1. Note
*While testing this plugin, evaluate whether the third-party libraries in {{src/main/webapp}} are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.* h4. Problems {noformat} == Inline Script Block Line: 56 ---- <script> var results = ${it.getCurrentResultsAsJson()}; var firstResult = ${it.getFirstResultsAsJson()}; var config = ${it.getConfigAsJson()}; <j:if test="${!it.wasCurrentActionSuccesfull()}"> var lastResult = ${it.getLastResultsAsJson()}; var lastStableResult = ${it.getLastStableResultAsJson()}; </j:if> <j:if test="${it.wasCurrentActionSuccesfull()}"> var lastResult = ${it.getLastStableResultAsJson()}; </j:if> var units = ${it.getUnits()}; </script> ---- == Inline Script Block Line: 74 ---- <script> var jQ = jQuery.noConflict(true); function sortPercent(x){ var str = x.textContent.toLowerCase(); if(str.includes('\u221E')){ if(str.startsWith('-')) return Number.NEGATIVE_INFINITY; else if(str.startsWith('+')) return Number.POSITIVE_INFINITY; } else return parseFloat(x.innerHTML.toLowerCase().split('%')[0]); } </script> ---- == Inline Event Handler Line: 105 ---- <th id="metrik" onclick="sortTable('metrik','resultTable',a=> ---- == Inline Event Handler Line: 106 ---- <th id="value" onclick="sortTable('value','resultTable',a=> ---- == Inline Event Handler Line: 108 ---- <th id="lastBuild" onclick="sortTable('lastBuild','resultTable',a=> ---- == Inline Event Handler Line: 110 ---- <th id="lastStableBuild" onclick="sortTable('lastStableBuild','resultTable',a=> ---- == Inline Event Handler Line: 111 ---- <th id="firstBuild" onclick="sortTable('lastStableBuild','resultTable',a=> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |