Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-74600

[reqtify] Extract inline script blocks and event handler in io/jenkins/plugins/CallFunctionPipelineStep/config.jelly

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Minor Minor
    • reqtify-plugin

      Problems

      == Inline Script Block
      Line: 10
      ----
      <script>
                  var i = setInterval(function() { 
                      var isPending = document.getElementById("functions").hasClassName("select-ajax-pending");
                      if(!isPending) { clearInterval(i); showReqtifyFunctionError(); }
                  }, 1000);                    
            </script>
      ----
      
      == Inline Script Block
      Line: 22
      ----
      <script type="text/javascript" >    
               var url = window.location.pathname;
               var currentJob = url.match(new RegExp("job/(.*?)/"))[1];
              
               function getParameterValues() {
                  var e = document.getElementById("functions");
                  var functionName = e.options[e.selectedIndex].value;
                  backendFunction.renderParamUI(functionName,currentJob, function(htmlList){
                      document.querySelectorAll(".function-param").forEach(el => el.remove());
                      var myJSON = JSON.stringify(htmlList);
                      var res = JSON.parse(myJSON);     
                      var paramValues = JSON.parse(res.responseJSON);
                      var tr = document.getElementById("functions").parentElement.parentElement;
                      paramValues.forEach((html) => {
                        tr.insertAdjacentHTML('afterend', html);
                      });          
                      showReqtifyFunctionError();
                  });
                }
              
                setTimeout(function() { 
                      backendFunction.getSavedFunction(currentJob, function(functionName){
                      console.log(functionName.responseJSON);
                      console.log(typeof functionName.responseJSON);
                      if(functionName.responseJSON !== "") {
                          backendFunction.renderParamUI(functionName.responseJSON,currentJob, function(htmlList){
                              document.querySelectorAll(".function-param").forEach(el => el.remove());
                              var myJSON = JSON.stringify(htmlList);
                              var res = JSON.parse(myJSON);     
                              var paramValues = JSON.parse(res.responseJSON);
                              var tr = document.getElementById("functions").parentElement.parentElement;
                              paramValues.forEach((html) => {
                                tr.insertAdjacentHTML('afterend', html);
                              }); 
                              showReqtifyFunctionError();
                          });                    
                      }
                });     
              }, 1000);   
              
                function showReqtifyFunctionError() {
                  backendFunction.getReqtifyFunctionError(function(reqtifyFunctionError){
                      if(reqtifyFunctionError === undefined || reqtifyFunctionError === null) {
                          document.getElementById('reqtifyFunctionErrorDiv').style.display = 'none';   
                      } else {
                          document.getElementById('reqtifyFunctionErrorDiv').style.display = 'block';
                          document.getElementById('reqtifyFunctionErrorSpan').innerHTML = reqtifyFunctionError.responseJSON;   
                      }            
                  });        
                }                
          </script>
      ----
      
      == Inline Event Handler
      Line: 9
      ----
      <f:select id="functions" onchange="getParameterValues()" onload="showReqtifyError()" />
      ----
      

      Solutions

      https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
      https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers

            Unassigned Unassigned
            basil Basil Crow
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: