[JIRA] (JENKINS-55790) Enable opt-out of RawHtmlMarkupFormatter processing

0 views
Skip to first unread message

tskrainar@icloud.com (JIRA)

unread,
Jan 25, 2019, 7:57:02 PM1/25/19
to jenkinsc...@googlegroups.com
Tom Skrainar created an issue
 
Jenkins / Improvement JENKINS-55790
Enable opt-out of RawHtmlMarkupFormatter processing
Issue Type: Improvement Improvement
Assignee: Marc Brugger
Components: badge-plugin
Created: 2019-01-26 00:56
Environment: badge-plugin 1.5 and newer
Priority: Minor Minor
Reporter: Tom Skrainar

Commit 63a7744cef33338e62898576a50bcc521d76ba9f (in support of SECURITY-906) filters text passed to BadgeSummaryAction.appendText() through a RawHtmlMarkupFormatter, which prevents arbitrary URI schemes being rendered as hrefs (only http/mailto seem to be supported).

I appreciate the intent behind this change, but for people who rely on being able to provide hyperlinked text to arbitrary URI schemes, it would be really useful to explicitly disable this (resulting in a call to getRawHtml() instead).

The current implementation is a (very) reasonable default, but I would like the ability to explicitly select "give me the unsanitized HTML".
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

bakito@gmx.net (JIRA)

unread,
Mar 27, 2020, 5:31:02 PM3/27/20
to jenkinsc...@googlegroups.com
Marc Brugger updated an issue
Change By: Marc Brugger
Released As: badge-1.8
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
Atlassian logo

bakito@gmx.net (JIRA)

unread,
Mar 27, 2020, 5:32:03 PM3/27/20
to jenkinsc...@googlegroups.com
Marc Brugger closed an issue as Fixed
Change By: Marc Brugger
Status: Open Closed
Resolution: Fixed
Reply all
Reply to author
Forward
0 new messages