dashboard-view-plugin icon indicating copy to clipboard operation
dashboard-view-plugin copied to clipboard

Published 20 hours ago verified publisher icon jenkinsci

[JENKINS-39618] HTML in portlet 'Display Name' not rendered in versions more recent than 2.9.7

Open TobiX opened this issue 9 years ago • 3 comments

Dashboard View Plugin v2.9.10: Does not render HTML in 'Display Name' section
This was very helpful to customize the portlets. Plugin versions up to v2.9.7 correctly render the HTML.

Originally reported by ioannis, imported from: HTML in portlet 'Display Name' not rendered in versions more recent than 2.9.7
  • assignee: tgr
  • status: Open
  • priority: Minor
  • resolution: Unresolved
  • imported: 2022-10-30

TobiX avatar Nov 09 '16 14:11 TobiX

tgr:

This was probably broken by https://github.com/jenkinsci/dashboard-view-plugin/commit/0855c2c4c853df0def0846f5bf966d56d973685f - Need to evaluate if we can safely disable escaping for this field. Probably not, since that would allow users to mount XSS attacks against other users...

TobiX avatar Aug 19 '18 07:08 TobiX

ioannis:

That is rather unfortunate! It was a really useful feature and I was using it a lot. Any other ideas whether we can enhance the display name tabs? Till then I may have to stick to v2.9.7.

Thanks and best regards

TobiX avatar Aug 29 '18 17:08 TobiX

tgr:

Ioannis Moutsatsos This bug is probably in the rich-text-publisher-plugin, there is nothing I can do in the dashboard-view-plugin. Ah, I see now, it's about the portlet titles. I think the functionality can be partially restored by passing the text through the configured markup sanitizer...

TobiX avatar Oct 28 '18 23:10 TobiX