Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-5135

Adopt <?jelly escape-by-default='true'?> everywhere

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Component/s: core
    • Labels:
      None
    • Similar Issues:

      Description

      As described in Wiki, I've just integrated a new version of commons-jelly that makes it easier to prevent XSS vulnerabilities. I need to push the use of this throughout the core.

      This task also includes a modification to maven-hpi-plugin, so that the archetype will generate view files with this PI. The test harness should be also modified to make sure that every view file has this PI (with a switch to disable this test in case plugin devs really don't want to bother.)

      In the first few versions, apply this in a limited place manually in the core to verify we have no unexpected regressions. Then update the test harness so that the core will use it everywhere.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                kohsuke Kohsuke Kawaguchi
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: