So, to clarify, there are two parts to this:
- The HTML Publisher surrounds the published pages with a frame linking to the configured index pages. This frame was broken in 1.625.3/1.641, and the plugin release 1.10 fixes this.
To work around the second issue, you basically have the following options with this:
- Publish the HTML pages elsewhere and just link there from Jenkins.
- Make the HTML pages work without this kind of dynamic content or adapt to work within the rules (e.g. external CSS files rather than inline).
- Relax the rules controlling what static HTML files served by Jenkins are allowed to do: See documentation.
You may be asking "Daniel, this security issue seems a bit far-fetched – most installations allow everyone to do everything, why so restrictive?" Good point. Unfortunately, while many, possibly most, Jenkins installations may not need this protection because it's not a threat to them, given how many users don't bother to apply basic common sense to their instance security, we opted to make Jenkins secure out of the box in this regard, rather than make it opt-in.