[JENKINS-74709] [wwpass-plugin] Extract inline script block and event handler in com/wwpass/wwpassauth/WwpassUserProperty/bind_button.jelly

Type: Task
Resolution: Unresolved
Priority: Minor
Component/s: wwpass-plugin
Labels:
- CSP

Similar Issues:
Powered by SuggestiMate

Show
Epic Link:
CSP compatibility for Jenkins plugins

Problems

== Inline Script Block
Line: 35
----
<script type="text/javascript">
        options = {
            'render': 'qrcode',
            'ticketURL' : '${app.rootURL}/federatedLoginService/wwpass/getTicket',
            callback : function(status, message) {
            auth_cb(status, message);
            }
        };

        wwpassQRCodeAuth(options);

        create_wwpass_form('${app.rootURL}/federatedLoginService/wwpass/startAssociate');
    </script>
----

== Inline Event Handler
Line: 14
----
<button type='button'
                        id="btn-login"
                        class="button-login"
                        onclick="javascript:associate('${instance.descriptor.name}', '${rootURL}/federatedLoginService/wwpass/startAssociate')">
----

Solutions

https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers

Basil Crow created issue - 2024-10-24 00:26

Basil Crow made changes - 2024-10-24 15:46

Description	Original: h4. Problems {noformat} == Inline Event Handler Line: 14 ---- <button type='button' id="btn-login" class="button-login" onclick="javascript:associate('${instance.descriptor.name}', '${rootURL}/federatedLoginService/wwpass/startAssociate')"> ---- == Inline Script Block Line: 35 ---- <script type="text/javascript"> options = { 'render': 'qrcode', 'ticketURL' : '${app.rootURL}/federatedLoginService/wwpass/getTicket', callback : function(status, message) { auth_cb(status, message); } }; wwpassQRCodeAuth(options); create_wwpass_form('${app.rootURL}/federatedLoginService/wwpass/startAssociate'); </script> ---- == Inline Event Handler Line: 14 ---- <button type='button' id="btn-login" class="button-login" onclick="javascript:associate('${instance.descriptor.name}', '${rootURL}/federatedLoginService/wwpass/startAssociate')"> ---- == Inline Script Block Line: 35 ---- <script type="text/javascript"> options = { 'render': 'qrcode', 'ticketURL' : '${app.rootURL}/federatedLoginService/wwpass/getTicket', callback : function(status, message) { auth_cb(status, message); } }; wwpassQRCodeAuth(options); create_wwpass_form('${app.rootURL}/federatedLoginService/wwpass/startAssociate'); </script> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers]	New: h4. Problems {noformat} == Inline Script Block Line: 35 ---- <script type="text/javascript"> options = { 'render': 'qrcode', 'ticketURL' : '${app.rootURL}/federatedLoginService/wwpass/getTicket', callback : function(status, message) { auth_cb(status, message); } }; wwpassQRCodeAuth(options); create_wwpass_form('${app.rootURL}/federatedLoginService/wwpass/startAssociate'); </script> ---- == Inline Event Handler Line: 14 ---- <button type='button' id="btn-login" class="button-login" onclick="javascript:associate('${instance.descriptor.name}', '${rootURL}/federatedLoginService/wwpass/startAssociate')"> ---- {noformat} h4. Solutions [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks] [https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers]
Summary	Original: [wwpass-plugin] Extract inline script blocks and event handlers in com/wwpass/wwpassauth/WwpassUserProperty/bind_button.jelly	New: [wwpass-plugin] Extract inline script block and event handler in com/wwpass/wwpassauth/WwpassUserProperty/bind_button.jelly

Jenkins

Details

Description

Problems

Solutions

Attachments

Activity

People

Dates