  1. Jenkins
  2. JENKINS-41162

Input descriptions can contain html tags - allow or prevent


    Details

    • Epic Link:
    • Sprint:
      pannonian, iapetus
    • Similar Issues:

      Description

      You will find markup in the description of the last parameter:

       <br/><strong>NOTE:</strong> Uses the above BLUEOCEAN_BRANCH_NAME to determine the upstream build Job name fr
      

      Maybe we want to allow the use of Markdown instead and parse the description before display. That would give a lot of power to the user.

      The problem with allowing HTML directly is XSS (cross-site scripting).

        Attachments

          Activity

          jamesdumay James Dumay added a comment - - edited

          Let's prevent HTML for now, Thorsten Scherler. Thanks for raising this!

          tfennelly Tom FENNELLY added a comment - PR: https://github.com/jenkinsci/blueocean-plugin/pull/771
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: tfennelly
          Path:
          src/main/js/page_objects/blueocean/bluePipelineActivity.js
          src/test/js/log-karaoke/parametrisedPipeline.js
          src/test/js/params-inputs/encoded-input-text.js
          src/test/js/params-inputs/multibranch-pipeline.js
          src/test/resources/test_scripts/parameterPipeline-html-in-descriptions.groovy
          http://jenkins-ci.org/commit/blueocean-acceptance-test/d78688b1fdc1e48082fb43010ff57783b87df53c
          Log:
          Input text markup removal test (JENKINS-41162)

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: tfennelly
          Path:
          src/main/js/page_objects/blueocean/bluePipelineActivity.js
          src/test/js/log-karaoke/parametrisedPipeline.js
          src/test/js/params-inputs/encoded-input-text.js
          src/test/js/params-inputs/multibranch-pipeline.js
          src/test/resources/test_scripts/parameterPipeline-html-in-descriptions.groovy
          http://jenkins-ci.org/commit/blueocean-acceptance-test/3be4b48b6d68c93d009a663174e3a1a57d5d07de
          Log:
          Input text markup removal test (JENKINS-41162)

          deiwin Deiwin Sarjas added a comment -

          Would it be possible to re-enable safe HTML for the input descriptions?

          My use case is presenting a checklist with links to the user during an input step. E.g.:

          input(message: 'Continue? ', parameters: [
            booleanParam(
              defaultValue: false,
              description: '<a href="https://google.com">The project dashboard</a> looks OK',
              name: 'dashboard'
            ),
            booleanParam(
              defaultValue: false,
              description: 'No new errors in <a href="https://google.com">the project logs</a>',
              name: 'logs'
            )
          ])
          

          In the old UI this works well: 

          But in the new (which, granted, looks much better), the links are removed:

          This means I have to include the full link in the text and users have to copy paste that URL.

          deiwin Deiwin Sarjas added a comment -

          As far as I can tell, something similar is already supported in JENKINS-41769.

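
Added example, not part of the issue thread and not Blue Ocean's code: one way to keep the links requested in the comments above while still removing all other markup from an input description, which is the XSS concern the issue raises. The names renderDescription and safeHref are hypothetical, and the allowlist (http/https anchors only) is an assumption.

```javascript
// Added example, not Blue Ocean code: allowlist renderer for input descriptions.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => ESCAPES[c]);

// Accept only absolute http(s) URLs; other schemes and relative URLs are rejected.
function safeHref(raw) {
  try {
    const url = new URL(raw.trim());
    return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
  } catch (e) {
    return null;
  }
}

// Hypothetical helper. The output contains exactly two kinds of raw markup:
// <a href="..." rel="..."> and </a>. Everything else is escaped text.
function renderDescription(description) {
  const tagPattern = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  let out = '';
  let last = 0;
  let inLink = false;
  let m;
  while ((m = tagPattern.exec(description)) !== null) {
    out += escapeHtml(description.slice(last, m.index)); // text before this tag
    last = tagPattern.lastIndex;
    if (m[1].toLowerCase() !== 'a') continue; // <br/>, <strong>, <script>... dropped
    if (m[0].startsWith('</')) {
      if (inLink) { out += '</a>'; inLink = false; }
      continue;
    }
    const attr = /\bhref\s*=\s*(?:"([^"]*)"|'([^']*)')/i.exec(m[2]);
    const href = attr ? safeHref(attr[1] ?? attr[2]) : null;
    if (href === null || inLink) continue; // unusable or nested link: keep text only
    // Only the validated href is emitted; onclick, style, etc. never reach the output.
    out += `<a href="${escapeHtml(href)}" rel="noopener noreferrer">`;
    inLink = true;
  }
  out += escapeHtml(description.slice(last));
  return inLink ? out + '</a>' : out; // close a link the author left open
}

// Description from the comment above, plus a constructed hostile one.
console.log(renderDescription('<a href="https://google.com">The project dashboard</a> looks OK'));
console.log(renderDescription('<a href="javascript:alert(1)" onclick="x()">click</a>'));
```

Because every character that is not part of an emitted anchor goes through escapeHtml, markup the tokenizer fails to recognise is shown as literal text rather than interpreted by the browser.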

            People

            • Assignee:
              tfennelly Tom FENNELLY
              Reporter:
              tscherler Thorsten Scherler