[JENKINS-40827] Fix the escaping in description column
- We do not need to worry about displayName as that is already on code paths that correctly escape
stephenc committed Jan 5, 2017
1 parent 682dbb0 commit 31d8b67
Showing 2 changed files with 16 additions and 5 deletions.
2 changes: 1 addition & 1 deletion pom.xml
@@ -66,7 +66,7 @@

<properties>
<jenkins.version>1.642.3</jenkins.version>
<scm-api.version>2.0.1-beta-1</scm-api.version>
<scm-api.version>2.0.1-20170105.113635-7</scm-api.version>
</properties>

<repositories>
19 changes: 15 additions & 4 deletions src/main/java/jenkins/branch/DescriptionColumn.java
@@ -27,11 +27,15 @@
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.Util;
import hudson.markup.MarkupFormatter;
import hudson.model.Actionable;
import hudson.model.Item;
import hudson.model.Job;
import hudson.views.ListViewColumn;
import hudson.views.ListViewColumnDescriptor;
import java.io.IOException;
import jenkins.model.Jenkins;
import jenkins.scm.api.metadata.ObjectMetadataAction;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.accmod.Restricted;
@@ -77,12 +81,19 @@ public ObjectMetadataAction getPropertyOf(Item item) {
*/
@Restricted(NoExternalUse.class)
@SuppressWarnings("unused") // used via Jelly EL binding
public String description(@CheckForNull Object p, @NonNull Object job) {
public String description(@CheckForNull Object p, @NonNull Object job) throws IOException {
if (p instanceof ObjectMetadataAction) {
return StringUtils.defaultIfBlank(((ObjectMetadataAction) p).getObjectDescription(),
job instanceof Job ? ((Job) job).getDescription() : "");
// when the description comes from the metadata, assume plain text and use Util.escape
String description = Util.escape(((ObjectMetadataAction) p).getObjectDescription());
if (StringUtils.isNotBlank(description)) {
return description;
}
}
if (job instanceof Job) {
// when the description comes from the job configuration, assume user provided and use markup formatter
return Jenkins.getActiveInstance().getMarkupFormatter().translate(((Job) job).getDescription());
} else {
return job instanceof Job ? ((Job) job).getDescription() : "";
return "";
}
}
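Review bot: In `description(...)` the blank test runs on the escaped text rather than the raw metadata value, so a whitespace-only `getObjectDescription()` may no longer fall back to the job description if `Util.escape` turns newlines or runs of spaces into markup such as `<br>` or `&nbsp;` (worth confirming against the `hudson.Util` of the 1.642.3 baseline). Testing the raw string first, `String raw = ((ObjectMetadataAction) p).getObjectDescription();` followed by `if (StringUtils.isNotBlank(raw)) { return Util.escape(raw); }`, keeps the fallback behaviour of the old `defaultIfBlank` call. In the `Job` branch `getDescription()` is handed straight to `translate(...)`; if it can be null there, `Util.fixNull(((Job) job).getDescription())` would avoid depending on how the configured formatter treats null. Because the method now returns HTML instead of plain text, the Javadoc that ends just above the hunk should state that, so the Jelly view emits the value without escaping it again and no later caller passes it through as unescaped text.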
