Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-74746

[htmlpublisher] Extract inline event handler and script blocks in HtmlPublisher

XMLWordPrintable

    • 1.37

      Problems

      == Inline Event Handler (Java)
File: HtmlPublisher.java
Line: 341
----
onclick=\"updateBody('"
----

== Inline Script Block (Java)
File: HtmlPublisher.java
Line: 347
----
<script type=\"text/javascript\">document.getElementById(\"hudson_link\").innerHTML=\"Back to " + htmlAttributeEscape(job.getName()) + "\";</script>
----

== Inline Script Block (Java)
File: HtmlPublisher.java
Line: 350
----
<script type=\"text/javascript\">document.getElementById(\"hudson_link\").onclick = function() { history.go(-1); return false; };</script>
----

== Inline Script Block (Java)
File: HtmlPublisher.java
Line: 353
----
<script type=\"text/javascript\">document.getElementById(\"hudson_link\").href=\"" + jobUrl + "\";</script>
----

== Inline Script Block (Java)
File: HtmlPublisher.java
Line: 356
----
<script type=\"text/javascript\">document.getElementById(\"zip_link\").href=\"*zip*/" + reportTarget.getSanitizedName() + ".zip\";</script>
----

      Solutions

      https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers
      https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks

            yafenkin Yaroslav Afenkin
            basil Basil Crow
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: