  1. Jenkins
  2. JENKINS-42902

HTML in description is always escaped

      Description

      HTML in the description is no longer displayed without escaping because of SECURITY-353.

      To fix:

      • Use `ParameterDefinition#getFormattedDescription`, introduced in Jenkins-1.521.
        • 1.532 is the earliest LTS.
      • Set `escapeEntryTitleAndDescription` to false.

      It might be useful to introduce the preview feature like this:

          <f:textarea name="parameter.description" value="${instance.description}" codemirror-mode="${app.markupFormatter.codeMirrorMode}" codemirror-config="${app.markupFormatter.codeMirrorConfig}" previewEndpoint="/markupFormatter/previewDescription" />
      
      • This has been available since Jenkins-1.554.
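An added example, not code from the plugin or from Jenkins core: an `index.jelly` view for a hypothetical `ParameterDefinition` subclass with the two fixes listed above applied together. It assumes `escapeEntryTitleAndDescription` is switched off with `j:set` before `f:entry`, that the name is escaped by hand with `h.escape` once automatic escaping is off, and that the definition exposes a `defaultValue` property.

```xml
<?jelly escape-by-default='true'?>
<!-- Added example: index.jelly for a hypothetical ParameterDefinition subclass. -->
<j:jelly xmlns:j="jelly:core" xmlns:f="/lib/form">
  <!--
    Before: f:entry escapes both attributes after SECURITY-353, so markup in
    the description is shown as literal text.
      <f:entry title="${it.name}" description="${it.description}">
  -->

  <!-- Turn off the automatic escaping f:entry applies to title and description. -->
  <j:set var="escapeEntryTitleAndDescription" value="false"/>

  <!--
    With automatic escaping off, each attribute has to be made safe explicitly:
      title       : plain text, so HTML-escape it here
      description : rendered through the configured markup formatter by
                    ParameterDefinition#getFormattedDescription
  -->
  <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
    <div name="parameter">
      <input type="hidden" name="name" value="${it.name}"/>
      <f:textbox name="value" value="${it.defaultValue}"/>
    </div>
  </f:entry>
</j:jelly>
```

Passing the raw `it.description` to `f:entry` while escaping is disabled would reintroduce the injection that SECURITY-353 closed, so the two changes only make sense as a pair.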

            Activity

            ikedam ikedam added a comment - - edited

            ParameterValue#getFormattedDescription was introduced in 2.32.2, 2.44. (0b471b7)

            ikedam ikedam added a comment - https://github.com/jenkinsci/matrix-combinations-plugin/pull/22
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/test/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinitionTest.java
            src/test/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValueTest.java
            src/test/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsRebuildParameterProviderTest.java
            http://jenkins-ci.org/commit/matrix-combinations-plugin/e61298ef58456abcfa2e09bf19298757d691c549
            Log:
            JENKINS-42902 Add tests to reproduce SECURITY-353

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            pom.xml
            src/main/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValue.java
            src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinition/config.jelly
            src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinition/index.groovy
            src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValue/rebuild.groovy
            src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValue/value.groovy
            http://jenkins-ci.org/commit/matrix-combinations-plugin/732841c5a67bab898e4dd6d7f4b08a81e28eaa3f
            Log:
            [FIXED JENKINS-42902] Sanitize parameter names and descriptions

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinition/config.jelly
            http://jenkins-ci.org/commit/matrix-combinations-plugin/cabe08ab7a000a835f41950653e41348f020aa7c
            Log:
            JENKINS-42902 Disable codemirror

            The codemirror feature for dynamic fragments is affected by JENKINS-23026 until Jenkins 1.597.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            pom.xml
            src/main/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValue.java
            src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinition/config.jelly
            src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinition/index.groovy
            src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValue/rebuild.groovy
            src/main/resources/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValue/value.groovy
            src/test/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterDefinitionTest.java
            src/test/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsParameterValueTest.java
            src/test/java/hudson/plugins/matrix_configuration_parameter/MatrixCombinationsRebuildParameterProviderTest.java
            http://jenkins-ci.org/commit/matrix-combinations-plugin/92487b29478c8b2cf296889cb25c5292f2b9dc55
            Log:
            Merge pull request #22 from ikedam/feature/JENKINS-42902_htmlEscape

            JENKINS-42902 Sanitize names and descriptions

            Compare: https://github.com/jenkinsci/matrix-combinations-plugin/compare/3b978dacf725...92487b29478c

            ikedam ikedam added a comment -

            Fixed in matrix-combinations-1.2.0


              People

              • Assignee: ikedam
              • Reporter: ikedam