-
Task
-
Resolution: Unresolved
-
Minor
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problem
== Inline Script Block
Line: 25
----
<script type="text/javascript">
var myTabs = new YAHOO.widget.TabView("statistics");
YAHOO.plugin.Dispatcher.delegate (new YAHOO.widget.Tab({
label: '${%Warnings}',
content: '<table class="pane sortable" id="packages">
<tr>
<td class="pane-header">${%Line}</td>
<td class="pane-header">${%Cost}</td>
<td class="pane-header">${%Reason}</td>
<td class="pane-header">${%Method}</td>
</tr>
<tbody>
<j:forEach var="subCost" items="${it.costStack}">
<tr>
<j:choose>
<j:when test="${mainMethodCost.overall > 100}">
<td class="pane"><span style="color:red">${subCost.line}</span></td>
<td class="pane"><span style="color:red">${subCost.overall}</span></td>
<td class="pane"><span style="color:red">${subCost.reason}</span></td>
</j:when>
<j:when test="${mainMethodCost.overall > 20}">
<td class="pane"><span style="color:orange">${subCost.line}</span></td>
<td class="pane"><span style="color:orange">${subCost.overall}</span></td>
<td class="pane"><span style="color:orange">${subCost.reason}</span></td>
</j:when>
<j:otherwise>
<td class="pane"><span style="color:green">${subCost.line}</span></td>
<td class="pane"><span style="color:green">${subCost.overall}</span></td>
<td class="pane"><span style="color:green">${subCost.reason}</span></td>
</j:otherwise>
</j:choose>
<td class="pane">
${subCost.displayName}
</td>
</tr>
</j:forEach>
</tbody>
</table>',
cacheData: true,
active: true
}), myTabs);
</script>
----
Solution
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
