[JENKINS-40827] Fix the escaping in description column
- We do not need to worry about displayName as that is already on code paths that correctly escape
stephenc committed Jan 5, 2017
1 parent 682dbb0 commit 31d8b6795a9f5cc17aeb5ba3cbf08eec8c7b79b5
Showing with 16 additions and 5 deletions.
  1. +1 −1 pom.xml
  2. +15 −4 src/main/java/jenkins/branch/DescriptionColumn.java
@@ -66,7 +66,7 @@

<properties>
<jenkins.version>1.642.3</jenkins.version>
<scm-api.version>2.0.1-beta-1</scm-api.version>
<scm-api.version>2.0.1-20170105.113635-7</scm-api.version>
</properties>

<repositories>
@@ -27,11 +27,15 @@
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.Util;
import hudson.markup.MarkupFormatter;
import hudson.model.Actionable;
import hudson.model.Item;
import hudson.model.Job;
import hudson.views.ListViewColumn;
import hudson.views.ListViewColumnDescriptor;
import java.io.IOException;
import jenkins.model.Jenkins;
import jenkins.scm.api.metadata.ObjectMetadataAction;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.accmod.Restricted;
@@ -77,12 +81,19 @@ public ObjectMetadataAction getPropertyOf(Item item) {
*/
@Restricted(NoExternalUse.class)
@SuppressWarnings("unused") // used via Jelly EL binding
public String description(@CheckForNull Object p, @NonNull Object job) {
public String description(@CheckForNull Object p, @NonNull Object job) throws IOException {
if (p instanceof ObjectMetadataAction) {
return StringUtils.defaultIfBlank(((ObjectMetadataAction) p).getObjectDescription(),
job instanceof Job ? ((Job) job).getDescription() : "");
// when the description comes from the metadata, assume plain text and use Util.escape
String description = Util.escape(((ObjectMetadataAction) p).getObjectDescription());
if (StringUtils.isNotBlank(description)) {
return description;
}
}
if (job instanceof Job) {
// when the description comes from the job configuration, assume user provided and use markup formatter
return Jenkins.getActiveInstance().getMarkupFormatter().translate(((Job) job).getDescription());
} else {
return job instanceof Job ? ((Job) job).getDescription() : "";
return "";
}
}
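Review bot: In `description(...)` the blank test runs on the already-escaped metadata string, so the fallback to the job description no longer behaves like the old `defaultIfBlank` on the raw value. As far as I recall, `Util.escape` rewrites newlines and runs of spaces into markup (`<br>`, `&nbsp;`), so a whitespace-only object description would count as non-blank and be returned as the cell content. Testing the raw value and escaping only on return avoids that: `String description = ((ObjectMetadataAction) p).getObjectDescription();` followed by `if (StringUtils.isNotBlank(description)) { return Util.escape(description); }`. The method now returns HTML from both branches, so the Javadoc above it (which starts outside this hunk) should state the contract, e.g. `@return HTML-safe markup: metadata text is escaped, the job description is rendered by the configured markup formatter`, because the Jelly view must emit it without escaping again and any later raw-text return path would reintroduce the injection. The job branch also passes `getDescription()` to `translate` without a null guard; whether every formatter tolerates null is not visible here.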
