-
Task
-
Resolution: Unresolved
-
Minor
Problems
== Inline Script Block
Line: 23
----
<script language="javascript">
/*
from: http://stackoverflow.com/questions/868407/hide-an-elements-next-sibling-with-javascript
Credit to John Resig for this function
taken from Pro JavaScript techniques
*/
function next(elem) {
do {
elem = elem.nextSibling;
} while (elem && elem.nodeType != 1);
return elem;
}
function validateUrl(str) {
//return URI_FORMAT_REGEX.test(str);
//var pattern = new RegExp("/^(ht|f)tps?:\/\/[a-z0-9-\.]+\.[a-z]{2,4}\/?([^\s<>\#%"\,\{\}\\|\\\^\[\]`]+)?$/");
var pattern = new RegExp("^(ht|f)tp(s?)\:\/\/[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*(:(0-9)*)*(\/?)([a-zA-Z0-9\-\.\?\,\'\/\\\+&%\$#_]*)?$");
return str.match(pattern);
}
function validateUserInput(element) {
var errorHolder = next(element);
while (errorHolder.hasChildNodes()) {
errorHolder.removeChild(errorHolder.lastChild);
}
if (!validateUrl(element.value)) {
var errorMessage = document.createTextNode('warning: ' + element.value + ' is not a valid URL.');
errorHolder.appendChild(errorMessage);
}
}
</script>
----
== Inline Script Block
Line: 125
----
<script language="JavaScript" type="text/javascript">
var inputs = document.getElementsByTagName("input");
var i;
for (i = 0 ; i < inputs.length ; i++) {
var userInput = inputs[i];
if (userInput.name && (userInput.name.indexOf("hostUrl")!= -1)) {
validateUserInput(userInput);
}
}
</script>
----
== Legacy checkUrl
Line: 86
----
checkUrl="'descriptorByName/OOBuildStep/checkKeystorePath?value='+escape(this.value)"
----
== Legacy checkUrl
Line: 90
----
checkUrl="'descriptorByName/OOBuildStep/checkKeystorePassword?value='+escape(this.value)+'&path='+escape(document.getElementById('oo.keystore.path').value)"
----
== Inline Event Handler
Line: 102
----
<f:textbox value="${ooServer.getUrl()}" onchange="validateUserInput(this);" onkeyup="validateUserInput(this);"/>
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
https://www.jenkins.io/doc/developer/security/csp/#legacy-javascript-checkurl-validation
[JENKINS-74588] [hp-operations-orchestration-automation-execution-plugin] Extract inline script blocks, extract inline event handler, and migrate legacy checkUrl attributes in WEB-INF/classes/com/hp/mercury/ci/jenkins/plugins/OOBuildStep/global.jelly
Basil Crow
created issue -
Basil Crow
made changes -
| Description |
Original:
h4. Problems {noformat} == Inline Event Handler Line: 102 ---- <f:textbox value="${ooServer.getUrl()}" onchange="validateUserInput(this);" onkeyup="validateUserInput(this);"/> ---- == Inline Script Block Line: 23 ---- <script language="javascript"> /* from: http://stackoverflow.com/questions/868407/hide-an-elements-next-sibling-with-javascript Credit to John Resig for this function taken from Pro JavaScript techniques */ function next(elem) { do { elem = elem.nextSibling; } while (elem && elem.nodeType != 1); return elem; } function validateUrl(str) { //return URI_FORMAT_REGEX.test(str); //var pattern = new RegExp("/^(ht|f)tps?:\/\/[a-z0-9-\.]+\.[a-z]{2,4}\/?([^\s<>\#%"\,\{\}\\|\\\^\[\]`]+)?$/"); var pattern = new RegExp("^(ht|f)tp(s?)\:\/\/[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*(:(0-9)*)*(\/?)([a-zA-Z0-9\-\.\?\,\'\/\\\+&%\$#_]*)?$"); return str.match(pattern); } function validateUserInput(element) { var errorHolder = next(element); while (errorHolder.hasChildNodes()) { errorHolder.removeChild(errorHolder.lastChild); } if (!validateUrl(element.value)) { var errorMessage = document.createTextNode('warning: ' + element.value + ' is not a valid URL.'); errorHolder.appendChild(errorMessage); } } </script> ---- == Inline Script Block Line: 125 ---- <script language="JavaScript" type="text/javascript"> var inputs = document.getElementsByTagName("input"); var i; for (i = 0 ; i < inputs.length ; i++) { var userInput = inputs[i]; if (userInput.name && (userInput.name.indexOf("hostUrl")!= -1)) { validateUserInput(userInput); } } </script> ---- == Legacy checkUrl Line: 86 ---- checkUrl="'descriptorByName/OOBuildStep/checkKeystorePath?value='+escape(this.value)" ---- == Legacy checkUrl Line: 90 ---- checkUrl="'descriptorByName/OOBuildStep/checkKeystorePassword?value='+escape(this.value)+'&path='+escape(document.getElementById('oo.keystore.path').value)" ---- == Inline Event Handler Line: 102 ---- <f:textbox value="${ooServer.getUrl()}" onchange="validateUserInput(this);" onkeyup="validateUserInput(this);"/> ---- == Inline Script Block Line: 23 ---- <script language="javascript"> /* from: http://stackoverflow.com/questions/868407/hide-an-elements-next-sibling-with-javascript Credit to John Resig for this function taken from Pro JavaScript techniques */ function next(elem) { do { elem = elem.nextSibling; } while (elem && elem.nodeType != 1); return elem; } function validateUrl(str) { //return URI_FORMAT_REGEX.test(str); //var pattern = new RegExp("/^(ht|f)tps?:\/\/[a-z0-9-\.]+\.[a-z]{2,4}\/?([^\s<>\#%"\,\{\}\\|\\\^\[\]`]+)?$/"); var pattern = new RegExp("^(ht|f)tp(s?)\:\/\/[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*(:(0-9)*)*(\/?)([a-zA-Z0-9\-\.\?\,\'\/\\\+&%\$#_]*)?$"); return str.match(pattern); } function validateUserInput(element) { var errorHolder = next(element); while (errorHolder.hasChildNodes()) { errorHolder.removeChild(errorHolder.lastChild); } if (!validateUrl(element.value)) { var errorMessage = document.createTextNode('warning: ' + element.value + ' is not a valid URL.'); errorHolder.appendChild(errorMessage); } } </script> ---- == Inline Script Block Line: 125 ---- <script language="JavaScript" type="text/javascript"> var inputs = document.getElementsByTagName("input"); var i; for (i = 0 ; i < inputs.length ; i++) { var userInput = inputs[i]; if (userInput.name && (userInput.name.indexOf("hostUrl")!= -1)) { validateUserInput(userInput); } } </script> ---- == Legacy checkUrl Line: 86 ---- checkUrl="'descriptorByName/OOBuildStep/checkKeystorePath?value='+escape(this.value)" ---- == Legacy checkUrl Line: 90 ---- checkUrl="'descriptorByName/OOBuildStep/checkKeystorePassword?value='+escape(this.value)+'&path='+escape(document.getElementById('oo.keystore.path').value)" ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] [https://www.jenkins.io/doc/developer/security/csp/#legacy-javascript-checkurl-validation] |
New:
h4. Problems {noformat} == Inline Script Block Line: 23 ---- <script language="javascript"> /* from: http://stackoverflow.com/questions/868407/hide-an-elements-next-sibling-with-javascript Credit to John Resig for this function taken from Pro JavaScript techniques */ function next(elem) { do { elem = elem.nextSibling; } while (elem && elem.nodeType != 1); return elem; } function validateUrl(str) { //return URI_FORMAT_REGEX.test(str); //var pattern = new RegExp("/^(ht|f)tps?:\/\/[a-z0-9-\.]+\.[a-z]{2,4}\/?([^\s<>\#%"\,\{\}\\|\\\^\[\]`]+)?$/"); var pattern = new RegExp("^(ht|f)tp(s?)\:\/\/[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*(:(0-9)*)*(\/?)([a-zA-Z0-9\-\.\?\,\'\/\\\+&%\$#_]*)?$"); return str.match(pattern); } function validateUserInput(element) { var errorHolder = next(element); while (errorHolder.hasChildNodes()) { errorHolder.removeChild(errorHolder.lastChild); } if (!validateUrl(element.value)) { var errorMessage = document.createTextNode('warning: ' + element.value + ' is not a valid URL.'); errorHolder.appendChild(errorMessage); } } </script> ---- == Inline Script Block Line: 125 ---- <script language="JavaScript" type="text/javascript"> var inputs = document.getElementsByTagName("input"); var i; for (i = 0 ; i < inputs.length ; i++) { var userInput = inputs[i]; if (userInput.name && (userInput.name.indexOf("hostUrl")!= -1)) { validateUserInput(userInput); } } </script> ---- == Legacy checkUrl Line: 86 ---- checkUrl="'descriptorByName/OOBuildStep/checkKeystorePath?value='+escape(this.value)" ---- == Legacy checkUrl Line: 90 ---- checkUrl="'descriptorByName/OOBuildStep/checkKeystorePassword?value='+escape(this.value)+'&path='+escape(document.getElementById('oo.keystore.path').value)" ---- == Inline Event Handler Line: 102 ---- <f:textbox value="${ooServer.getUrl()}" onchange="validateUserInput(this);" onkeyup="validateUserInput(this);"/> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] [https://www.jenkins.io/doc/developer/security/csp/#legacy-javascript-checkurl-validation] |
| Summary | Original: [hp-operations-orchestration-automation-execution-plugin] Extract inline script blocks, extract inline event handlers, and migrate legacy checkUrl attributes in WEB-INF/classes/com/hp/mercury/ci/jenkins/plugins/OOBuildStep/global.jelly | New: [hp-operations-orchestration-automation-execution-plugin] Extract inline script blocks, extract inline event handler, and migrate legacy checkUrl attributes in WEB-INF/classes/com/hp/mercury/ci/jenkins/plugins/OOBuildStep/global.jelly |