-
Task
-
Resolution: Unresolved
-
Minor
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 4
----
<script type="text/javascript">
Timeline_ajax_url = "${it.pluginResourcePath}timeline_2.3.0/timeline_ajax/simile-ajax-api.js";
Timeline_urlPrefix = "${it.pluginResourcePath}timeline_2.3.0/timeline_js/";
Timeline_parameters = "bundle=true";
</script>
----
== Inline Script Block
Line: 10
----
<script type="text/javascript">
addWindowEventListener("load",
function() {
var tl;
var tz = ${it.timeZoneOffset};
var eventSource = new Timeline.DefaultEventSource();
eventSource.loadJSON(eval("${it.jobEventsJSON}"), ".");
var bandInfos = [
Timeline.createBandInfo({
eventSource: eventSource,
date: "${it.configuration.timeSlot.currentTime}",
timeZone: tz,
width: "30%",
intervalUnit: Timeline.DateTime.DAY,
intervalPixels: 200,
overview: true
}),
Timeline.createBandInfo({
eventSource: eventSource,
date: "${it.configuration.timeSlot.currentTime}",
timeZone: tz,
width: "70%",
intervalUnit: Timeline.DateTime.HOUR,
intervalPixels: 100
})
];
for (var i = 0; i ${%lessThan} bandInfos.length; i++) {
bandInfos[i].decorators = ${it.configuration.timeSlot.decoratorJSON};
}
bandInfos[0].syncWith = 1;
bandInfos[0].highlight = true;
tl = Timeline.create(document.getElementById("smart-jenkins-timeline"), bandInfos);
var resizeTimerID = null;
addWindowEventListener("resize",
function onResize() {
if (resizeTimerID == null) {
resizeTimerID = window.setTimeout(function() {
resizeTimerID = null;
tl.layout();
}, 500);
}
}
);
}
);
function addWindowEventListener(event, func) {
if (window.addEventListener) { //for W3C DOM
window.addEventListener(event, func, false);
} else if (window.attachEvent) { //for IE
window.attachEvent("on" + event, func);
} else {
if (event == "load") {
window.onload = func;
} else if (event == "resize") {
window.onresize = func;
}
}
}
function showHelp(name) {
if (document.getElementById(name).style.display == "none") {
document.getElementById(name).style.display = "";
} else {
document.getElementById(name).style.display = "none";
}
}
function validate() {
return validateTimeSlot();
}
function validateTimeSlot() {
var items = document.getElementById("timeSlot").value.replace(/\s/g, "").split(",");
for (var i in items) {
if (!items[i].match(/^((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?(-((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?)?$/)) {
alert('Invalid input value "' + items[i] + '".');
return false;
}
}
return true;
}
</script>
----
== Inline Event Handler
Line: 152
----
<f:form action="configureTimeSlot" method="post" onsubmit="return validate();">
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
[JENKINS-74701] [smart-jenkins] Extract inline script blocks and event handler in WEB-INF/classes/smartjenkins/SmartJenkinsAction/index.jelly
Basil Crow
created issue -
Basil Crow
made changes -
| Description |
Original:
h4. Problems {noformat} == Inline Event Handler Line: 152 ---- <f:form action="configureTimeSlot" method="post" onsubmit="return validate();"> ---- == Inline Script Block Line: 4 ---- <script type="text/javascript"> Timeline_ajax_url = "${it.pluginResourcePath}timeline_2.3.0/timeline_ajax/simile-ajax-api.js"; Timeline_urlPrefix = "${it.pluginResourcePath}timeline_2.3.0/timeline_js/"; Timeline_parameters = "bundle=true"; </script> ---- == Inline Script Block Line: 10 ---- <script type="text/javascript"> addWindowEventListener("load", function() { var tl; var tz = ${it.timeZoneOffset}; var eventSource = new Timeline.DefaultEventSource(); eventSource.loadJSON(eval("${it.jobEventsJSON}"), "."); var bandInfos = [ Timeline.createBandInfo({ eventSource: eventSource, date: "${it.configuration.timeSlot.currentTime}", timeZone: tz, width: "30%", intervalUnit: Timeline.DateTime.DAY, intervalPixels: 200, overview: true }), Timeline.createBandInfo({ eventSource: eventSource, date: "${it.configuration.timeSlot.currentTime}", timeZone: tz, width: "70%", intervalUnit: Timeline.DateTime.HOUR, intervalPixels: 100 }) ]; for (var i = 0; i ${%lessThan} bandInfos.length; i++) { bandInfos[i].decorators = ${it.configuration.timeSlot.decoratorJSON}; } bandInfos[0].syncWith = 1; bandInfos[0].highlight = true; tl = Timeline.create(document.getElementById("smart-jenkins-timeline"), bandInfos); var resizeTimerID = null; addWindowEventListener("resize", function onResize() { if (resizeTimerID == null) { resizeTimerID = window.setTimeout(function() { resizeTimerID = null; tl.layout(); }, 500); } } ); } ); function addWindowEventListener(event, func) { if (window.addEventListener) { //for W3C DOM window.addEventListener(event, func, false); } else if (window.attachEvent) { //for IE window.attachEvent("on" + event, func); } else { if (event == "load") { window.onload = func; } else if (event == "resize") { window.onresize = func; } } } function showHelp(name) { if (document.getElementById(name).style.display == "none") { document.getElementById(name).style.display = ""; } else { document.getElementById(name).style.display = "none"; } } function validate() { return validateTimeSlot(); } function validateTimeSlot() { var items = document.getElementById("timeSlot").value.replace(/\s/g, "").split(","); for (var i in items) { if (!items[i].match(/^((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?(-((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?)?$/)) { alert('Invalid input value "' + items[i] + '".'); return false; } } return true; } </script> ---- == Inline Event Handler Line: 152 ---- <f:form action="configureTimeSlot" method="post" onsubmit="return validate();"> ---- == Inline Script Block Line: 4 ---- <script type="text/javascript"> Timeline_ajax_url = "${it.pluginResourcePath}timeline_2.3.0/timeline_ajax/simile-ajax-api.js"; Timeline_urlPrefix = "${it.pluginResourcePath}timeline_2.3.0/timeline_js/"; Timeline_parameters = "bundle=true"; </script> ---- == Inline Script Block Line: 10 ---- <script type="text/javascript"> addWindowEventListener("load", function() { var tl; var tz = ${it.timeZoneOffset}; var eventSource = new Timeline.DefaultEventSource(); eventSource.loadJSON(eval("${it.jobEventsJSON}"), "."); var bandInfos = [ Timeline.createBandInfo({ eventSource: eventSource, date: "${it.configuration.timeSlot.currentTime}", timeZone: tz, width: "30%", intervalUnit: Timeline.DateTime.DAY, intervalPixels: 200, overview: true }), Timeline.createBandInfo({ eventSource: eventSource, date: "${it.configuration.timeSlot.currentTime}", timeZone: tz, width: "70%", intervalUnit: Timeline.DateTime.HOUR, intervalPixels: 100 }) ]; for (var i = 0; i ${%lessThan} bandInfos.length; i++) { bandInfos[i].decorators = ${it.configuration.timeSlot.decoratorJSON}; } bandInfos[0].syncWith = 1; bandInfos[0].highlight = true; tl = Timeline.create(document.getElementById("smart-jenkins-timeline"), bandInfos); var resizeTimerID = null; addWindowEventListener("resize", function onResize() { if (resizeTimerID == null) { resizeTimerID = window.setTimeout(function() { resizeTimerID = null; tl.layout(); }, 500); } } ); } ); function addWindowEventListener(event, func) { if (window.addEventListener) { //for W3C DOM window.addEventListener(event, func, false); } else if (window.attachEvent) { //for IE window.attachEvent("on" + event, func); } else { if (event == "load") { window.onload = func; } else if (event == "resize") { window.onresize = func; } } } function showHelp(name) { if (document.getElementById(name).style.display == "none") { document.getElementById(name).style.display = ""; } else { document.getElementById(name).style.display = "none"; } } function validate() { return validateTimeSlot(); } function validateTimeSlot() { var items = document.getElementById("timeSlot").value.replace(/\s/g, "").split(","); for (var i in items) { if (!items[i].match(/^((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?(-((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?)?$/)) { alert('Invalid input value "' + items[i] + '".'); return false; } } return true; } </script> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
New:
h4. Problems {noformat} == Inline Script Block Line: 4 ---- <script type="text/javascript"> Timeline_ajax_url = "${it.pluginResourcePath}timeline_2.3.0/timeline_ajax/simile-ajax-api.js"; Timeline_urlPrefix = "${it.pluginResourcePath}timeline_2.3.0/timeline_js/"; Timeline_parameters = "bundle=true"; </script> ---- == Inline Script Block Line: 10 ---- <script type="text/javascript"> addWindowEventListener("load", function() { var tl; var tz = ${it.timeZoneOffset}; var eventSource = new Timeline.DefaultEventSource(); eventSource.loadJSON(eval("${it.jobEventsJSON}"), "."); var bandInfos = [ Timeline.createBandInfo({ eventSource: eventSource, date: "${it.configuration.timeSlot.currentTime}", timeZone: tz, width: "30%", intervalUnit: Timeline.DateTime.DAY, intervalPixels: 200, overview: true }), Timeline.createBandInfo({ eventSource: eventSource, date: "${it.configuration.timeSlot.currentTime}", timeZone: tz, width: "70%", intervalUnit: Timeline.DateTime.HOUR, intervalPixels: 100 }) ]; for (var i = 0; i ${%lessThan} bandInfos.length; i++) { bandInfos[i].decorators = ${it.configuration.timeSlot.decoratorJSON}; } bandInfos[0].syncWith = 1; bandInfos[0].highlight = true; tl = Timeline.create(document.getElementById("smart-jenkins-timeline"), bandInfos); var resizeTimerID = null; addWindowEventListener("resize", function onResize() { if (resizeTimerID == null) { resizeTimerID = window.setTimeout(function() { resizeTimerID = null; tl.layout(); }, 500); } } ); } ); function addWindowEventListener(event, func) { if (window.addEventListener) { //for W3C DOM window.addEventListener(event, func, false); } else if (window.attachEvent) { //for IE window.attachEvent("on" + event, func); } else { if (event == "load") { window.onload = func; } else if (event == "resize") { window.onresize = func; } } } function showHelp(name) { if (document.getElementById(name).style.display == "none") { document.getElementById(name).style.display = ""; } else { document.getElementById(name).style.display = "none"; } } function validate() { return validateTimeSlot(); } function validateTimeSlot() { var items = document.getElementById("timeSlot").value.replace(/\s/g, "").split(","); for (var i in items) { if (!items[i].match(/^((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?(-((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?)?$/)) { alert('Invalid input value "' + items[i] + '".'); return false; } } return true; } </script> ---- == Inline Event Handler Line: 152 ---- <f:form action="configureTimeSlot" method="post" onsubmit="return validate();"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
| Summary | Original: [smart-jenkins] Extract inline script blocks and event handlers in WEB-INF/classes/smartjenkins/SmartJenkinsAction/index.jelly | New: [smart-jenkins] Extract inline script blocks and event handler in WEB-INF/classes/smartjenkins/SmartJenkinsAction/index.jelly |
Basil Crow
made changes -
| Description |
Original:
h4. Problems {noformat} == Inline Script Block Line: 4 ---- <script type="text/javascript"> Timeline_ajax_url = "${it.pluginResourcePath}timeline_2.3.0/timeline_ajax/simile-ajax-api.js"; Timeline_urlPrefix = "${it.pluginResourcePath}timeline_2.3.0/timeline_js/"; Timeline_parameters = "bundle=true"; </script> ---- == Inline Script Block Line: 10 ---- <script type="text/javascript"> addWindowEventListener("load", function() { var tl; var tz = ${it.timeZoneOffset}; var eventSource = new Timeline.DefaultEventSource(); eventSource.loadJSON(eval("${it.jobEventsJSON}"), "."); var bandInfos = [ Timeline.createBandInfo({ eventSource: eventSource, date: "${it.configuration.timeSlot.currentTime}", timeZone: tz, width: "30%", intervalUnit: Timeline.DateTime.DAY, intervalPixels: 200, overview: true }), Timeline.createBandInfo({ eventSource: eventSource, date: "${it.configuration.timeSlot.currentTime}", timeZone: tz, width: "70%", intervalUnit: Timeline.DateTime.HOUR, intervalPixels: 100 }) ]; for (var i = 0; i ${%lessThan} bandInfos.length; i++) { bandInfos[i].decorators = ${it.configuration.timeSlot.decoratorJSON}; } bandInfos[0].syncWith = 1; bandInfos[0].highlight = true; tl = Timeline.create(document.getElementById("smart-jenkins-timeline"), bandInfos); var resizeTimerID = null; addWindowEventListener("resize", function onResize() { if (resizeTimerID == null) { resizeTimerID = window.setTimeout(function() { resizeTimerID = null; tl.layout(); }, 500); } } ); } ); function addWindowEventListener(event, func) { if (window.addEventListener) { //for W3C DOM window.addEventListener(event, func, false); } else if (window.attachEvent) { //for IE window.attachEvent("on" + event, func); } else { if (event == "load") { window.onload = func; } else if (event == "resize") { window.onresize = func; } } } function showHelp(name) { if (document.getElementById(name).style.display == "none") { document.getElementById(name).style.display = ""; } else { document.getElementById(name).style.display = "none"; } } function validate() { return validateTimeSlot(); } function validateTimeSlot() { var items = document.getElementById("timeSlot").value.replace(/\s/g, "").split(","); for (var i in items) { if (!items[i].match(/^((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?(-((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?)?$/)) { alert('Invalid input value "' + items[i] + '".'); return false; } } return true; } </script> ---- == Inline Event Handler Line: 152 ---- <f:form action="configureTimeSlot" method="post" onsubmit="return validate();"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |
New:
h1. Note
*While testing this plugin, evaluate whether the third-party libraries in {{src/main/webapp}} are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.* h4. Problems {noformat} == Inline Script Block Line: 4 ---- <script type="text/javascript"> Timeline_ajax_url = "${it.pluginResourcePath}timeline_2.3.0/timeline_ajax/simile-ajax-api.js"; Timeline_urlPrefix = "${it.pluginResourcePath}timeline_2.3.0/timeline_js/"; Timeline_parameters = "bundle=true"; </script> ---- == Inline Script Block Line: 10 ---- <script type="text/javascript"> addWindowEventListener("load", function() { var tl; var tz = ${it.timeZoneOffset}; var eventSource = new Timeline.DefaultEventSource(); eventSource.loadJSON(eval("${it.jobEventsJSON}"), "."); var bandInfos = [ Timeline.createBandInfo({ eventSource: eventSource, date: "${it.configuration.timeSlot.currentTime}", timeZone: tz, width: "30%", intervalUnit: Timeline.DateTime.DAY, intervalPixels: 200, overview: true }), Timeline.createBandInfo({ eventSource: eventSource, date: "${it.configuration.timeSlot.currentTime}", timeZone: tz, width: "70%", intervalUnit: Timeline.DateTime.HOUR, intervalPixels: 100 }) ]; for (var i = 0; i ${%lessThan} bandInfos.length; i++) { bandInfos[i].decorators = ${it.configuration.timeSlot.decoratorJSON}; } bandInfos[0].syncWith = 1; bandInfos[0].highlight = true; tl = Timeline.create(document.getElementById("smart-jenkins-timeline"), bandInfos); var resizeTimerID = null; addWindowEventListener("resize", function onResize() { if (resizeTimerID == null) { resizeTimerID = window.setTimeout(function() { resizeTimerID = null; tl.layout(); }, 500); } } ); } ); function addWindowEventListener(event, func) { if (window.addEventListener) { //for W3C DOM window.addEventListener(event, func, false); } else if (window.attachEvent) { //for IE window.attachEvent("on" + event, func); } else { if (event == "load") { window.onload = func; } else if (event == "resize") { window.onresize = func; } } } function showHelp(name) { if (document.getElementById(name).style.display == "none") { document.getElementById(name).style.display = ""; } else { document.getElementById(name).style.display = "none"; } } function validate() { return validateTimeSlot(); } function validateTimeSlot() { var items = document.getElementById("timeSlot").value.replace(/\s/g, "").split(","); for (var i in items) { if (!items[i].match(/^((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?(-((\d|[01][0-9]|2[0-4])(:(\d|[05][0-9])){0,2})?)?$/)) { alert('Invalid input value "' + items[i] + '".'); return false; } } return true; } </script> ---- == Inline Event Handler Line: 152 ---- <f:form action="configureTimeSlot" method="post" onsubmit="return validate();"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers] |