-
Task
-
Resolution: Unresolved
-
Minor
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 31
----
<script>
function stopTest(value){
if(value == 1){
var jobid = document.getElementById("jobid").value;
var username = document.getElementById("username").value;
var url = document.getElementById("url").value;
if(url == ""){
alert("Please enter url");
return;
}
if(username == "") {
alert("Please enter user name.");
return;
}
if(jobid == "") {
alert("Please enter job id.");
return;
}
document.getElementById('msg').style.display = "block";
instance.stopRunningTest(jobid,username,url, function(t) {
var res = t.responseObject();
document.getElementById('msg').style.display = "none";
alert(res);
window.history.back();
});
}else if(value == 0){
window.history.back();
}
}
</script>
----
== Inline Event Handler
Line: 18
----
<span onclick="stopTest(1)">
----
== Inline Event Handler
Line: 22
----
<span onclick="stopTest(0)">
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
[JENKINS-74613] [cavisson-ns-nd-integration] Extract inline script block and event handlers in com/cavisson/jenkins/BuildActionStopThread/index.jelly
Basil Crow
created issue -
Basil Crow
made changes -
| Assignee | Original: Cavisson Systems [ cavissonsystems ] |
Basil Crow
made changes -
| Description |
Original:
h4. Problems {noformat} == Inline Event Handler Line: 18 ---- <span onclick="stopTest(1)"> ---- == Inline Event Handler Line: 22 ---- <span onclick="stopTest(0)"> ---- == Inline Script Block Line: 31 ---- <script> function stopTest(value){ if(value == 1){ var jobid = document.getElementById("jobid").value; var username = document.getElementById("username").value; var url = document.getElementById("url").value; if(url == ""){ alert("Please enter url"); return; } if(username == "") { alert("Please enter user name."); return; } if(jobid == "") { alert("Please enter job id."); return; } document.getElementById('msg').style.display = "block"; instance.stopRunningTest(jobid,username,url, function(t) { var res = t.responseObject(); document.getElementById('msg').style.display = "none"; alert(res); window.history.back(); }); }else if(value == 0){ window.history.back(); } } </script> ---- == Inline Event Handler Line: 18 ---- <span onclick="stopTest(1)"> ---- == Inline Event Handler Line: 22 ---- <span onclick="stopTest(0)"> ---- == Inline Script Block Line: 31 ---- <script> function stopTest(value){ if(value == 1){ var jobid = document.getElementById("jobid").value; var username = document.getElementById("username").value; var url = document.getElementById("url").value; if(url == ""){ alert("Please enter url"); return; } if(username == "") { alert("Please enter user name."); return; } if(jobid == "") { alert("Please enter job id."); return; } document.getElementById('msg').style.display = "block"; instance.stopRunningTest(jobid,username,url, function(t) { var res = t.responseObject(); document.getElementById('msg').style.display = "none"; alert(res); window.history.back(); }); }else if(value == 0){ window.history.back(); } } </script> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
New:
h4. Problems {noformat} == Inline Script Block Line: 31 ---- <script> function stopTest(value){ if(value == 1){ var jobid = document.getElementById("jobid").value; var username = document.getElementById("username").value; var url = document.getElementById("url").value; if(url == ""){ alert("Please enter url"); return; } if(username == "") { alert("Please enter user name."); return; } if(jobid == "") { alert("Please enter job id."); return; } document.getElementById('msg').style.display = "block"; instance.stopRunningTest(jobid,username,url, function(t) { var res = t.responseObject(); document.getElementById('msg').style.display = "none"; alert(res); window.history.back(); }); }else if(value == 0){ window.history.back(); } } </script> ---- == Inline Event Handler Line: 18 ---- <span onclick="stopTest(1)"> ---- == Inline Event Handler Line: 22 ---- <span onclick="stopTest(0)"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
| Summary | Original: [cavisson-ns-nd-integration] Extract inline script blocks and event handlers in com/cavisson/jenkins/BuildActionStopThread/index.jelly | New: [cavisson-ns-nd-integration] Extract inline script block and event handlers in com/cavisson/jenkins/BuildActionStopThread/index.jelly |
Basil Crow
made changes -
| Description |
Original:
h4. Problems {noformat} == Inline Script Block Line: 31 ---- <script> function stopTest(value){ if(value == 1){ var jobid = document.getElementById("jobid").value; var username = document.getElementById("username").value; var url = document.getElementById("url").value; if(url == ""){ alert("Please enter url"); return; } if(username == "") { alert("Please enter user name."); return; } if(jobid == "") { alert("Please enter job id."); return; } document.getElementById('msg').style.display = "block"; instance.stopRunningTest(jobid,username,url, function(t) { var res = t.responseObject(); document.getElementById('msg').style.display = "none"; alert(res); window.history.back(); }); }else if(value == 0){ window.history.back(); } } </script> ---- == Inline Event Handler Line: 18 ---- <span onclick="stopTest(1)"> ---- == Inline Event Handler Line: 22 ---- <span onclick="stopTest(0)"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
New:
h1. Note
*While testing this plugin, evaluate whether the third-party libraries in {{src/main/webapp}} are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.* h4. Problems {noformat} == Inline Script Block Line: 31 ---- <script> function stopTest(value){ if(value == 1){ var jobid = document.getElementById("jobid").value; var username = document.getElementById("username").value; var url = document.getElementById("url").value; if(url == ""){ alert("Please enter url"); return; } if(username == "") { alert("Please enter user name."); return; } if(jobid == "") { alert("Please enter job id."); return; } document.getElementById('msg').style.display = "block"; instance.stopRunningTest(jobid,username,url, function(t) { var res = t.responseObject(); document.getElementById('msg').style.display = "none"; alert(res); window.history.back(); }); }else if(value == 0){ window.history.back(); } } </script> ---- == Inline Event Handler Line: 18 ---- <span onclick="stopTest(1)"> ---- == Inline Event Handler Line: 22 ---- <span onclick="stopTest(0)"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |