scm-sync-configuration-plugin icon indicating copy to clipboard operation
scm-sync-configuration-plugin copied to clipboard

Published 20 hours ago verified publisher icon jenkinsci

Strange output in footer

Open evictor opened this issue 6 years ago • 7 comments

I'm seeing what looks like unformatted/code output in the footer. I'm on latest Jenkins at this time, 2.138.3. I can't recall when this popped up but I'm pretty sure it was when I upgraded to 2.138.x. LMK what debug output I might be able to provide.

image

evictor avatar Nov 26 '18 04:11 evictor

Same here on Jenkins 2.138.3 and Plugin version 0.0.10 (also tried 0.0.9) Looks like the HTML has '<' HTML-encoded: &lt;br/>To remove this message, please &lt;a href='#' onclick='javascript:removeLog();'>click here&lt;/a>

m-bucher avatar Nov 26 '18 17:11 m-bucher

Bit more than cosmetic because it also covers the last bits of console output, which are often the most important. :(

Thx for reading

evictor avatar Nov 26 '18 19:11 evictor

You need to set -Dorg.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault=false which helps in this case. There are several things broken with this change in Jenkins. See https://jenkins.io/blog/2018/10/10/security-updates/ and https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+2018-10-10+Stapler+security+hardening

amandel avatar Nov 27 '18 10:11 amandel

Thanks for the note. Is it safe to say the blanket disabling is just a band-aid and a patch should still be made so the plugin itself can handle the reconfiguration?

evictor avatar Nov 27 '18 19:11 evictor

Indeed, it would be really nice if the plugin could be targeted about disabling the escaping logic.

mikemol avatar Dec 21 '18 18:12 mikemol

Same issue, just to report it. It looks like the j:set var="msg" block creates a commented out span, and not what the code is expecting.

jeinstei avatar Apr 02 '19 17:04 jeinstei

+1

aba-rechsteiner avatar Feb 03 '20 08:02 aba-rechsteiner