[jenkinsci/subversion-plugin] 4fe42b: [JENKINS-36521] Print raw (not HTML escaped) commi...

Tue, 17 Jan 2017 10:34:58 -0800 

  Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/subversion-plugin
  Commit: 4fe42befe197c81ee5d652e061f26b55017dbbfd
      
https://github.com/jenkinsci/subversion-plugin/commit/4fe42befe197c81ee5d652e061f26b55017dbbfd
  Author: Lukasz Jader <ljader...@gmail.com>
  Date:   2016-11-05 (Sat, 05 Nov 2016)

  Changed paths:
    M src/main/resources/hudson/scm/SubversionChangeLogSet/digest.jelly
    M src/main/resources/hudson/scm/SubversionChangeLogSet/index.jelly

  Log Message:
  -----------
  [JENKINS-36521] Print raw (not HTML escaped) commit messages

Commit decorators add clicable <a> links to issue IDs on build summary page,
but the security mechanism preventing XSS in .jelly,
escapes the HTML tags for .jelly files with:
<?jelly escape-by-default='true'?>

After the change, annotated commit messages are printed raw,
without HTML escaping.

Used method will be consistent with change in 
hudson/scm/SCM/project-changes.jelly
introduced in 
https://github.com/jenkinsci/jenkins/commit/41ab84fe0a1512fe52347d55fb58445174636896

Additional details:
https://wiki.jenkins-ci.org/display/JENKINS/Jelly+and+XSS+prevention
https://issues.jenkins-ci.org/browse/JENKINS-5135


  Commit: 8dc995bf09d1e51b365e4e7308fb40ea7f705f8b
      
https://github.com/jenkinsci/subversion-plugin/commit/8dc995bf09d1e51b365e4e7308fb40ea7f705f8b
  Author: Łukasz Jąder <ljader...@gmail.com>
  Date:   2017-01-17 (Tue, 17 Jan 2017)

  Changed paths:
    M src/main/resources/hudson/scm/SubversionChangeLogSet/digest.jelly
    M src/main/resources/hudson/scm/SubversionChangeLogSet/index.jelly

  Log Message:
  -----------
  Merge pull request #174 from ljader/fix-commit-message-escaping

[JENKINS-36521] Print raw (not HTML escaped) commit messages


Compare: 
https://github.com/jenkinsci/subversion-plugin/compare/de82ef7a892e...8dc995bf09d1

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-commits+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to