[JIRA] (JENKINS-62072) The Badge Plugins is no longer displaying color text anywhere addHtmlBadge & createSummary

13 views
Skip to first unread message

sf258g@att.com (JIRA)

unread,
Apr 27, 2020, 3:46:04 PM4/27/20
to jenkinsc...@googlegroups.com
Steven Fransen created an issue
 
Jenkins / Bug JENKINS-62072
The Badge Plugins is no longer displaying color text anywhere addHtmlBadge & createSummary
Issue Type: Bug Bug
Assignee: Marc Brugger
Components: badge-plugin
Created: 2020-04-27 19:45
Priority: Minor Minor
Reporter: Steven Fransen

 

// code placeholder

def WhatText = "hello" 

def mycolor = "blue"

addHtmlBadge html: "<font color='${mycolor}'>${WhatText}</font><br>", id: "blue" createSummary('orange-square.gif').appendText("<h2><font color='${mycolor}'>${WhatText}</font></h2>")

 

 all the test will be in black and white

 I am not exactly sure what version broken this . it was some version in the past month or so.

 I really miss this features as it help figure out what is wrong.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
Atlassian logo

bakito@gmx.net (JIRA)

unread,
Apr 27, 2020, 4:44:02 PM4/27/20
to jenkinsc...@googlegroups.com
Marc Brugger commented on Bug JENKINS-62072
 
Re: The Badge Plugins is no longer displaying color text anywhere addHtmlBadge & createSummary

Hi Steven

The functionality is still available, but it has to be enabled in the jenkins configuration. 
Use 'Disable OWASP Markup Formatter' to enable html rendering.

I had to enable the OWASP Formatter to prevent vulnerabilities introduced by html injection.

 

If html formatting is desired, the feature hast do be actively disabled by the user.

 

Best Regards,

Marc

bakito@gmx.net (JIRA)

unread,
Apr 27, 2020, 4:44:03 PM4/27/20
to jenkinsc...@googlegroups.com
Marc Brugger started work on Bug JENKINS-62072
 
Change By: Marc Brugger
Status: Open In Progress

sf258g@att.com (JIRA)

unread,
Apr 30, 2020, 12:33:02 PM4/30/20
to jenkinsc...@googlegroups.com

i see 5 different plugins that are OWASAP 

OWASP Dependency-Check

Official OWASP ZAP

ZAP Pipeline

OWASP ZAP

OWASP Dependency-Track

 can you help me a little bit more I do not understand what you are asking me to do 

they all look like Proxy  and such

 how do I disable this feature?

 Thanks

Steven Fransen

sf258g@att.com (JIRA)

unread,
Apr 30, 2020, 12:40:03 PM4/30/20
to jenkinsc...@googlegroups.com
Steven Fransen edited a comment on Bug JENKINS-62072
i see 5 different plugins that are OWASAP 



 can you help me a little bit more I do not understand what you are asking me to do 

they all look like Proxy  and such

 how do I disable this feature?

 Thanks

Steven Fransen


 never mind I found the answer no plugin required just in  Jenkins 

 Configure System  in the Badge Plugin Section 

 just check the Disabled OWASP Mark Formatter

 it would have been nice if in the released notes

bakito@gmx.net (JIRA)

unread,
Apr 30, 2020, 1:17:03 PM4/30/20
to jenkinsc...@googlegroups.com

This Change was introduced in version 1.5 https://github.com/jenkinsci/badge-plugin/blob/master/CHANGELOG.md 
The change was triggered by the Jenkins Security Advisory https://www.jenkins.io/security/advisory/2018-06-25/#SECURITY-906 which gave to requirement, to prevent cross-site scripting.

In version 1.8 I added the possibility to disable the Formatter in case the user wanted to have this feature.

I will add a section to the readme about the config

bakito@gmx.net (JIRA)

unread,
Apr 30, 2020, 1:30:02 PM4/30/20
to jenkinsc...@googlegroups.com
Marc Brugger closed an issue as Not A Defect
 
Change By: Marc Brugger
Status: In Progress Closed
Resolution: Not A Defect
Reply all
Reply to author
Forward
0 new messages