-
Task
-
Resolution: Unresolved
-
Minor
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 34
----
<script type="text/javascript">
var myTabs = new YAHOO.widget.TabView("statistics");
</script>
----
== Inline Script Block
Line: 42
----
<script type="text/javascript">
YAHOO.plugin.Dispatcher.delegate (new YAHOO.widget.Tab({
label: '<j:choose><j:when test="${null != result.displayName}">${result.displayName}</j:when><j:otherwise>${%Classes}</j:otherwise></j:choose>',
content: ' <h3>${%Summary}</h3>
<table border="1px" class="pane sortable">
<thead>
<tr>
<th>${%Number of Classes}</th>
<th>${%Excellent}</th>
<th>${%Good}</th>
<th>${%Needs Work}</th>
<th>${%Total}</th>
</tr>
</thead>
<tbody>
<tr>
<th align="left">${result.costSummary.numberOfClasses}</th>
<td align="right">${result.costSummary.excellent}</td>
<td align="right">${result.costSummary.good}</td>
<td align="right">${result.costSummary.needsWork}</td>
<td align="right">${result.costSummary.total}</td>
</tr>
</tbody>
</table>
<br /><br /><table class="pane sortable" id="packages">
<tr>
<td class="pane-header">${%Class}</td>
<td class="pane-header" style="width:2em">${%Cost}</td>
</tr>
<tbody>
<j:forEach var="classCost" items="${result.costSummary.costStack}">
<tr>
<td class="pane">
<a href="class.${classCost.name}/">${classCost.name}</a>
</td>
<j:choose>
<j:when test="${classCost.cost > 100}">
<td class="pane"><span style="color:red">${classCost.cost}</span></td>
</j:when>
<j:when test="${classCost.cost > 20}">
<td class="pane"><span style="color:orange">${classCost.cost}</span></td>
</j:when>
<j:otherwise>
<td class="pane"><span style="color:green">${classCost.cost}</span></td>
</j:otherwise>
</j:choose>
</tr>
</j:forEach>
</tbody>
</table>',
cacheData: true,
active: true
}), myTabs);
</script>
----
== Inline Script Block
Line: 99
----
<script type="text/javascript">
YAHOO.plugin.Dispatcher.delegate (new YAHOO.widget.Tab({
label: '<j:choose><j:when test="${null != result.displayName}">${result.displayName}</j:when><j:otherwise>${%Classes}</j:otherwise></j:choose>',
content: '<table class="pane sortable" id="packages">
<tr>
<td class="pane-header">${%Class}</td>
<td class="pane-header" style="width:2em">${%Cost}</td>
</tr>
<tbody>
<j:forEach var="classCost" items="${result.costSummary.costStack}">
<tr>
<td class="pane">
<a href="class.${classCost.name}/">${classCost.name}</a>
</td>
<j:choose>
<j:when test="${classCost.cost > 100}">
<td class="pane"><span style="color:red">${classCost.cost}</span></td>
</j:when>
<j:when test="${classCost.cost > 20}">
<td class="pane"><span style="color:orange">${classCost.cost}</span></td>
</j:when>
<j:otherwise>
<td class="pane"><span style="color:green">${classCost.cost}</span></td>
</j:otherwise>
</j:choose>
</tr>
</j:forEach>
</tbody>
</table>',
cacheData: true,
active: true
}), myTabs);
</script>
----
Solution
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
