Jenkins / JENKINS-42903

HTML in description is always escaped

      Description

      HTML in the description is no longer displayed without escaping because of SECURITY-353.

      To fix:

      • Use `ParameterDefinition#getFormattedDescription`, introduced in Jenkins-1.521.
        • 1.532 is the earliest LTS.
      • Set `escapeEntryTitleAndDescription` to false.

      It might be useful to introduce the preview feature like this:

          <f:textarea name="parameter.description" value="${instance.description}" codemirror-mode="${app.markupFormatter.codeMirrorMode}" codemirror-config="${app.markupFormatter.codeMirrorConfig}" previewEndpoint="/markupFormatter/previewDescription" />
      
      • This has been available since Jenkins-1.554.
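
An illustration of the two-step fix listed in the description, added here and not taken from the plugin's actual commit: a parameter view (`index.jelly`) that opts out of the blanket escaping and then sanitizes the name and description itself. The `div`/`f:textbox` body and `it.defaultValue` are assumptions standing in for a generic text parameter.

```xml
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:f="/lib/form">
  <!-- Before (constructed): the raw values were handed to f:entry, e.g.
       title="${it.name}" description="${it.description}".
       With the SECURITY-353 change the entry escapes both, so markup in
       the description is shown as literal text. -->

  <!-- Step 1: turn off the entry-level escaping for this view only. -->
  <j:set var="escapeEntryTitleAndDescription" value="false"/>

  <!-- Step 2: with escaping off, this view owns sanitization of both values.
       - name: plain text, so escape it explicitly.
       - description: rendered by the configured markup formatter via
         ParameterDefinition#getFormattedDescription, never the raw field. -->
  <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
    <!-- Assumed body for a generic text parameter; attribute values are
         still escaped by escape-by-default. -->
    <div name="parameter">
      <input type="hidden" name="name" value="${it.name}"/>
      <f:textbox name="value" value="${it.defaultValue}"/>
    </div>
  </f:entry>
</j:jelly>
```

Setting the flag to false without also escaping the name and switching to the formatted description would put unsanitized user-controlled text back on the build page.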

            Activity

            mmh19891113 Minghui Ma added a comment - - edited

            I met this issue on my Jenkins.

            jenkins 2.32.3

            extensible-choice-parameter- 1.3.4

            ikedam ikedam added a comment - https://github.com/jenkinsci/extensible-choice-parameter-plugin/pull/31
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            pom.xml
            src/test/java/jp/ikedam/jenkins/plugins/extensible_choice_parameter/ExtensibleChoiceParameterDefinitionJenkinsTest.java
            http://jenkins-ci.org/commit/extensible-choice-parameter-plugin/141d90c373eccf9a8c3c497764407479f0e74bff
            Log:
            JENKINS-42903 Add tests to reproduce JENKINS-42903: HTML texts are not properly escaped

            This results in HTML texts always being escaped since Jenkins >= 2.32.2.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/resources/jp/ikedam/jenkins/plugins/extensible_choice_parameter/ExtensibleChoiceParameterDefinition/config.jelly
            src/main/resources/jp/ikedam/jenkins/plugins/extensible_choice_parameter/ExtensibleChoiceParameterDefinition/index.jelly
            http://jenkins-ci.org/commit/extensible-choice-parameter-plugin/c781e2016331f2d8c4634d6a970a3dd77608c2d2
            Log:
            [FIXED JENKINS-42903] Sanitize parameter names and descriptions

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            pom.xml
            src/main/resources/jp/ikedam/jenkins/plugins/extensible_choice_parameter/ExtensibleChoiceParameterDefinition/config.jelly
            src/main/resources/jp/ikedam/jenkins/plugins/extensible_choice_parameter/ExtensibleChoiceParameterDefinition/index.jelly
            src/test/java/jp/ikedam/jenkins/plugins/extensible_choice_parameter/ExtensibleChoiceParameterDefinitionJenkinsTest.java
            http://jenkins-ci.org/commit/extensible-choice-parameter-plugin/cbd310dea0974c4b6723a9d73b362cadb0f0fece
            Log:
            Merge pull request #31 from ikedam/feature/JENKINS-42903_SanitizeHtml

            JENKINS-42903 Sanitize names and descriptions

            Compare: https://github.com/jenkinsci/extensible-choice-parameter-plugin/compare/4a447650fbba...cbd310dea097

            ikedam ikedam added a comment -

            This change is included in extensible-choice-parameter-1.4.1.
            It will be available in the update center in a day.


              People

              • Assignee: ikedam
              • Reporter: ikedam
              • Votes: 2
              • Watchers: 5