Greetings to all;
After a long wait the Active Choices plugin v2.0 is again available from the Jenkins distribution center.
We have several people to thank for this, especially Jesse Glick and Daniel Beck for shepherding the plugin through the 'troubled waters' of advanced Jenkins security.
Active Choices is now elegantly disentangled from the Scriptler plugin whose previously mandatory dependency had blocked its distribution from the Jenkins update center.
I think that the current Active Choices plugin version strikes the perfect balance between security and the advanced functionality (like dynamic HTML) that made Active Choices so useful and unique.
So here is a summary of the most recent changes:
- Scriptler dependency is optional.
Sandboxed Groovy scripts will no longer emit HTML that is considered unsafe. (such as <script> elements)
- If you already have the Scriptler plugin installed, it can be used as in the previous Active Choices versions
- If you don't have Scriptler, you can still use custom embedded Groovy scripts (sandboxed or not) to create options for Active Choice parameters
The Active Choices plugin runs safely, and still allows arbitrary HTML for those who don't need fine-grained permissions.
- If the user who configures the job is an administrator on the Jenkins instance, they can just bypass the sandbox and there will be arbitrary HTML.
- If the user who configures the job is not an administrator, they can choose to get only sanitized output, or to get an administrator to approve the Groovy Script.
With these enhancements in place, we are looking forward to resuming the functional enhancement of Active Choices, so that we continue to enhance free-style jobs with dynamic and interactive build forms.
Thank your for your patience, your suggestions and code contributions!
Ioannis & Bruno