
Which html is supported in Jenkins job description


In the Job description you can use HTML tags. I have something like:

blabla.. on <a href="http://vms029/wa_shdw" target="_blank">http://vms029/wa_shdw</a> 

But the target="_blank" seems to get scrubbed somewhere. Is there another way? Any doc on what's supported and what's not?

Niek asked Sep 18 '13 08:09


People also ask

How do I change from Jenkins plain text to safe HTML?

Once the plugin is installed, go to Manage Jenkins → Configure Global Security → Markup Formatter. Select Safe HTML for the Markup Formatter option. User-submitted text, like build, job, and view descriptions, will then support HTML formatting, but will be sanitized by removing potentially dangerous elements.

What markup Formatters are present in Jenkins?

The markup formatter can be configured in Manage Jenkins » Configure Global Security » Markup Formatter. The default markup formatter Plain text renders all descriptions as entered: Unsafe HTML metacharacters like < and & are escaped, and line breaks are rendered as <br/> HTML tags.

Which is the most flexible Jenkins job type?

Jenkins supports several different types of build jobs. The two most commonly used are the freestyle builds and the Maven 2/3 builds. Freestyle projects allow you to configure just about any sort of build job; they are highly flexible and very configurable.


1 Answer

Jenkins allows you to use various markup languages to write job descriptions; plugins can define how the description should be parsed via the MarkupFormatter interface.

By default, the RawHtmlMarkupFormatter is used, which applies an HTML sanitisation policy (from the OWASP AntiSamy Project) — the Myspace policy.

In the Myspace policy, you'll see that only certain tags and attributes are allowed. target isn't one of them, which is why you see it being stripped from your input.

For your use case, the alternatives are to install and configure another markup formatter plugin, or to write your own. Some examples include:

  • Escaped Markup Plugin: escapes all HTML tags (probably not so useful for you)
  • "Anything Goes" Formatter: allows any HTML input at all (with the associated security risks)
  • PegDown Formatter Plugin: lets you write your descriptions in Markdown (probably the nicest option here, but likely doesn't support things like target="_blank")
Christopher Orr answered Oct 03 '22 17:10
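
How an allow-list policy of the kind the answer describes ends up stripping `target`, as an added example in Python (not Jenkins' or AntiSamy's code, and not part of the original answer). The `STRICT` and `WITH_TARGET` policies and the `sanitize` helper are constructed for illustration and are much smaller than the real Myspace policy; the second policy goes one step beyond the answer to show what a custom formatter that permits `target="_blank"` should add.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allow-lists for illustration; NOT the real Myspace policy.
STRICT = {"a": {"href"}, "b": set(), "i": set(), "p": set(), "br": set()}
# Hypothetical custom policy that additionally permits target on links.
WITH_TARGET = {**STRICT, "a": {"href", "target"}}
SAFE_SCHEMES = {"http", "https", "mailto"}  # absolute URLs only
VOID = {"br"}

def _safe_url(value):
    try:
        return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:
        return False  # unparseable URL: treat as unsafe

class _AllowListFilter(HTMLParser):
    def __init__(self, policy):
        super().__init__(convert_charrefs=True)
        self.policy, self.out, self.open = policy, [], []

    def handle_starttag(self, tag, attrs):
        if tag not in self.policy:
            return  # element not listed: tag dropped, its text is still escaped
        kept = {}
        for name, value in attrs:
            listed = name in self.policy[tag] and value is not None
            if listed and (name != "href" or _safe_url(value)):
                kept[name] = value
        if kept.get("target") == "_blank":
            kept["rel"] = "noopener noreferrer"  # new tab gets no window.opener
        attr_text = "".join(f' {k}="{escape(v, quote=True)}"' for k, v in kept.items())
        self.out.append(f"<{tag}{attr_text}>")
        if tag not in VOID:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open:  # only close elements this filter emitted
            self.open.remove(tag)
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(html_text, policy=STRICT):
    flt = _AllowListFilter(policy)
    flt.feed(html_text)
    flt.close()
    return "".join(flt.out + [f"</{t}>" for t in reversed(flt.open)])
```

Calling `sanitize()` on the description from the question with the default policy returns the link without `target`, which is the behaviour the question observed; passing `WITH_TARGET` keeps it and adds `rel`.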