-
Type:
Task
-
Resolution: Unresolved
-
Priority:
Minor
-
Component/s: nopmdverifytrac-plugin
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 201
----
<!-- Stores the jQuery object in the global $$ via jQuery.noConflict(), which also releases the global $ name. A CSP without 'unsafe-inline' does not execute this inline element, so code relying on the global $$ would find it undefined; the assignment belongs in a script file loaded by URL. -->
<script type="text/javascript"> var $$ = jQuery.noConflict(); </script>
----
== Inline Script Block
Line: 202
----
<script type="text/javascript">
<![CDATA[
// Defines the global RESULTS from the server-side expression it.resultListAsJson,
// which is written directly into the script text when the view is rendered.
// A CSP without 'unsafe-inline' blocks this element. Because the value is rendered
// by the view, it cannot simply be copied into a static .js file; it has to reach
// the page as data (for example a data-* attribute parsed with JSON.parse).
// NOTE(review): how the JSON is encoded is not visible here; confirm that a script
// end tag or a CDATA terminator inside a string value cannot end this block early.
var RESULTS = ${it.resultListAsJson};
]]></script>
----
== Inline Script Block
Line: 206
----
<script type="text/javascript">
<![CDATA[
// Defines the global TYPEMAP from the server-side expression it.typeMapAsJson, then
// sets line.status = TYPEMAP[line.hashcode] for every entry of file.lineHolders in
// RESULTS. A hashcode missing from TYPEMAP leaves status undefined.
// Requires RESULTS and the _ library to be defined before this block runs.
// A CSP without 'unsafe-inline' blocks this element; the map has to be delivered
// as data rather than as script text.
// NOTE(review): the encoding of the interpolated JSON is not visible here; confirm
// it cannot contain a sequence that terminates the script element or the CDATA section.
var TYPEMAP = ${it.typeMapAsJson};
_.forEach(RESULTS,function(file){_.forEach(file.lineHolders, function(line){line.status = TYPEMAP[line.hashcode]})});
]]>
</script>
----
== Inline Script Block
Line: 212
----
<!-- Link template, read by id (tmpl-link) and rendered with _.template by the page script. The type "html-templ" is not a JavaScript type, so browsers treat the element as a data block and do not execute it; it appears in this list because it is an inline script element. NOTE(review): in Underscore/Lodash-style templates the "<%= %>" delimiter inserts tracUrl and ticketId without HTML-escaping; confirm which library is in use and whether its escaping delimiter should be used for the href value. -->
<script type="html-templ" id="tmpl-link">
<![CDATA[
<a href="<%= tracUrl%>/ticket/<%= ticketId %>">#<%= ticketId %></a>
]]>
</script>
----
== Inline Script Block
Line: 217
----
<script type="text/javascript">
<![CDATA[
// Page behaviour for the result view: turns ticket references into links, wires the
// #btn-ngonly and #btn-all buttons, and re-applies odd/even row classes.
// CSP: this inline block is not executed under a policy without 'unsafe-inline'.
// NOTE(review): Underscore and Lodash compile _.template() with the Function
// constructor, which a policy without 'unsafe-eval' also blocks; confirm the library
// in use, because moving this code into a file would not by itself fix that call.
(function($$){
// Runs once the document is ready.
$$(function(){
// Replace the first "#<digits>" in each td.wholeline cell with a ticket link.
$$('#tbl-detail td.wholeline').each(function(){
// Server-side value written into a single-quoted JavaScript string literal.
// NOTE(review): whether it.tracUrl is escaped for a JS string is not visible here;
// a quote, backslash or line break in the value would change the script text.
var tracUrl = '${it.tracUrl}';
var html = $$(this).html();
var ticket = html.match(/#(\d+)/);
if(ticket){
// The pattern runs over the cell's serialized markup, not its text, so it can also
// match "#<digits>" inside an attribute value. The combined string is parsed as
// HTML again when it is written back with .html().
$$(this).html(html.replace(/#\d+/, _.template($$('#tmpl-link').html(), {ticketId:ticket[1], tracUrl:tracUrl})));
}
});
// #btn-ngonly: hide rows with class line-ok, swap which button is shown, re-stripe,
// and set the URL fragment to #ngonly.
$$('#btn-ngonly').click(function(){
$$('div.nopmd-result tr.line-ok').hide();
$$('#btn-ngonly, #btn-all').toggle();
stripify();
location.href="#ngonly";
});
// #btn-all: show the line-ok rows again, swap the buttons, re-stripe, and set the
// URL fragment to #all.
$$('#btn-all').click(function(){
$$('div.nopmd-result tr.line-ok').show();
$$('#btn-ngonly, #btn-all').toggle();
stripify();
location.href="#all";
});
// Restore the "all" view when the page is opened with #all in its URL.
if(location.href.match(/#all/)){
$$('#btn-all').trigger('click');
}
stripify();
});
// Re-applies record-odd / record-even to the currently visible rows of each table body.
// stripify is assigned here, after the ready handler above is registered; the calls
// inside that handler work only if the handler runs later than this assignment, so
// keep the ordering in mind when relocating the code.
var stripify = function(){
$$('div.file-area table tbody').each(function(){
$$(this).find('tr').removeClass('record-odd').removeClass('record-even');
$$(this).find('tr:visible:odd').addClass('record-odd');
$$(this).find('tr:visible:even').addClass('record-even');
});
};
})(jQuery);
]]>
</script>
----
Solution
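Move each inline block into a JavaScript file that the page loads by URL, and pass the server-side values (it.resultListAsJson, it.typeMapAsJson, it.tracUrl) to that file as data, for example through data-* attributes, instead of writing them into script text. See https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks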