[JIRA] (JENKINS-54361) Plugin name doesn't match UI, docs stale


craig@2ndquadrant.com (JIRA)

Oct 31, 2018, 4:21:02 AM
to jenkinsc...@googlegroups.com
Craig Ringer created an issue
 
Jenkins / Bug JENKINS-54361
Plugin name doesn't match UI, docs stale
Issue Type: Bug
Assignee: Unassigned
Components: antisamy-markup-formatter-plugin
Created: 2018-10-31 08:20
Environment: Jenkins 2.138.2, OWASP Markup Formatter Plugin 1.5
Priority: Minor
Reporter: Craig Ringer

The Jenkins UI and docs refer to the "Safe HTML" markup formatter. But there is really no such thing.

It is implemented by the "OWASP Markup Formatter Plugin" (which links to "plugins.jenkins.io/antisamy-markup-formatter").

The "jenkinsci/antisamy-markup-formatter project has a 1.5 tag", and appears to be what Jenkins bundles.

The plugin site mentions that policies are configurable, but there's no UI to configure policies. The "file with the extension in it, confusingly named RawHtmlMarkupFormatter" appears to have had any pluggability cut out, but the comment still reflects the old support:

{{
// Use the policy defined above to sanitize the HTML.
HtmlSanitizer.sanitize(markup, MyspacePolicy.POLICY_DEFINITION.apply(renderer));
}}

so in practice it looks like you can only use the copy of the MyspacePolicy embedded in the plugin code.

Hopefully this helps the next person who is utterly confused by this, when trying to figure out how to configure the "Safe HTML" formatter policy, allow additional tags in the "Safe HTML" markup formatter in Jenkins, etc.

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

craig@2ndquadrant.com (JIRA)

Oct 31, 2018, 4:22:01 AM
to jenkinsc...@googlegroups.com
Craig Ringer updated an issue
Change By: Craig Ringer
The Jenkins UI and docs refer to the "Safe HTML" markup formatter. But there is really no such thing.

It is implemented by the ["OWASP Markup Formatter Plugin"|http://wiki.jenkins-ci.org/display/JENKINS/OWASP+Markup+Formatter+Plugin] (which links to ["plugins.jenkins.io/antisamy-markup-formatter"|https://plugins.jenkins.io/antisamy-markup-formatter]).

The ["jenkinsci/antisamy-markup-formatter project has a 1.5 tag"|https://github.com/jenkinsci/antisamy-markup-formatter-plugin/tree/antisamy-markup-formatter-1.5], and appears to be what Jenkins bundles.

The plugin site mentions that policies are configurable, but there's no UI to configure policies. The ["file with the extension in it, confusingly named RawHtmlMarkupFormatter"|https://github.com/jenkinsci/antisamy-markup-formatter-plugin/blob/antisamy-markup-formatter-1.5/src/main/java/hudson/markup/RawHtmlMarkupFormatter.java] appears to have had any pluggability cut out, but the comment still reflects the old support:


{{
// Use the policy defined above to sanitize the HTML.
HtmlSanitizer.sanitize(markup, MyspacePolicy.POLICY_DEFINITION.apply(renderer));
}}

so in practice it looks like you can only use the copy of the MyspacePolicy embedded in the plugin code.

Hopefully this helps the next person who is utterly confused by this, when trying to figure out how to configure the "Safe HTML" formatter policy, allow additional tags in the "Safe HTML" markup formatter in Jenkins, etc.

craig@2ndquadrant.com (JIRA)

Oct 31, 2018, 4:37:02 AM
to jenkinsc...@googlegroups.com
Craig Ringer commented on Bug JENKINS-54361
 
Re: Plugin name doesn't match UI, docs stale

I updated the wiki page.

I don't have the access to update the plugins page, or the GitHub repository's descriptive text. Both should really be changed to mention the three names it gets referred to, and the fact it's not configurable (anymore?).

craig@2ndquadrant.com (JIRA)

Nov 5, 2018, 1:10:01 AM
to jenkinsc...@googlegroups.com

craig@2ndquadrant.com (JIRA)

Nov 7, 2018, 8:50:02 AM
to jenkinsc...@googlegroups.com
Craig Ringer updated an issue
Change By: Craig Ringer
Issue Type: Bug → Improvement

craig@2ndquadrant.com (JIRA)

Nov 7, 2018, 8:50:02 AM
to jenkinsc...@googlegroups.com
Craig Ringer updated an issue
Change By: Craig Ringer
Issue Type: Improvement → Patch

dbeck@cloudbees.com (JIRA)

Mar 22, 2020, 9:33:03 AM
to jenkinsc...@googlegroups.com
Daniel Beck closed an issue as Fixed
 

Seems obsolete now, and https://github.com/jenkinsci/antisamy-markup-formatter-plugin/pull/19 should address it even further.

Change By: Daniel Beck
Status: Open → Closed
Resolution: Fixed
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)