-
Task
-
Resolution: Unresolved
-
Minor
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 4
----
<script type="text/javascript">
Timeline_ajax_url = "${it.pluginResourcePath}timeline_2.3.0/timeline_ajax/simile-ajax-api.js";
Timeline_urlPrefix = "${it.pluginResourcePath}timeline_2.3.0/timeline_js/";
Timeline_parameters = "bundle=true";
</script>
----
== Inline Script Block
Line: 10
----
<script type="text/javascript">
addWindowEventListener("load",
function() {
var tl;
var tz = ${it.timeZoneOffset};
var eventSource = new Timeline.DefaultEventSource();
eventSource.loadJSON(eval("${it.jobEventsJSON}"), ".");
var bandInfos = [
Timeline.createBandInfo({
eventSource: eventSource,
date: "${it.configuration.timeSlot.currentTime}",
timeZone: tz,
width: "30%",
intervalUnit: Timeline.DateTime.DAY,
intervalPixels: 200,
overview: true
}),
Timeline.createBandInfo({
eventSource: eventSource,
date: "${it.configuration.timeSlot.currentTime}",
timeZone: tz,
width: "70%",
intervalUnit: Timeline.DateTime.HOUR,
intervalPixels: 100
})
];
for (var i = 0; i ${%lessThan} bandInfos.length; i++) {
bandInfos[i].decorators = ${it.configuration.timeSlot.decoratorJSON};
}
bandInfos[0].syncWith = 1;
bandInfos[0].highlight = true;
tl = Timeline.create(document.getElementById("smart-jenkins-timeline"), bandInfos);
var resizeTimerID = null;
addWindowEventListener("resize",
function onResize() {
if (resizeTimerID == null) {
resizeTimerID = window.setTimeout(function() {
resizeTimerID = null;
tl.layout();
}, 500);
}
}
);
}
);
function addWindowEventListener(event, func) {
if (window.addEventListener) { //for W3C DOM
window.addEventListener(event, func, false);
} else if (window.attachEvent) { //for IE
window.attachEvent("on" + event, func);
} else {
if (event == "load") {
window.onload = func;
} else if (event == "resize") {
window.onresize = func;
}
}
}
function showHelp(name) {
if (document.getElementById(name).style.display == "none") {
document.getElementById(name).style.display = "";
} else {
document.getElementById(name).style.display = "none";
}
}
function validate() {
return validateTimeSlot();
}
function validateTimeSlot() {
var items = document.getElementById("timeSlot").value.replace(/\s/g, "").split(",");
for (var i in items) {
if (!items[i].match(/^((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?(-((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?)?$/)) {
alert('Invalid input value "' + items[i] + '".');
return false;
}
}
return true;
}
</script>
----
== Inline Event Handler
Line: 152
----
<f:form action="configureTimeSlot" method="post" onsubmit="return validate();">
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
