jenkinsci / code-coverage-api-plugin

Deprecated Jenkins Code Coverage Plugin
https://plugins.jenkins.io/code-coverage-api/
MIT License

Source code view sanitizes away parts of code #760

Open mikedld opened 12 months ago

mikedld commented 12 months ago

Jenkins and plugins versions report

Environment

```text
Jenkins: 2.414.1
OS: Linux - 5.4.247-162.350.amzn2.x86_64
Java: 11.0.20 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
Office-365-Connector:4.20.0
ansicolor:1.0.3
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
artifact-manager-s3:822.vf129d4836c31
atlassian-jira-software-cloud:2.0.9
audit-trail:333.vb_e1b_b_0f1238c
authentication-tokens:1.53.v1c90fd9191a_b_
authorize-project:1.7.1
aws-credentials:191.vcb_f183ce58b_9
aws-global-configuration:128.ve2c5685a_09c3
aws-java-sdk:1.12.529-406.vdeff15e5817d
aws-java-sdk-cloudformation:1.12.529-406.vdeff15e5817d
aws-java-sdk-codebuild:1.12.529-406.vdeff15e5817d
aws-java-sdk-ec2:1.12.529-406.vdeff15e5817d
aws-java-sdk-ecr:1.12.529-406.vdeff15e5817d
aws-java-sdk-ecs:1.12.529-406.vdeff15e5817d
aws-java-sdk-efs:1.12.529-406.vdeff15e5817d
aws-java-sdk-elasticbeanstalk:1.12.529-406.vdeff15e5817d
aws-java-sdk-iam:1.12.529-406.vdeff15e5817d
aws-java-sdk-kinesis:1.12.529-406.vdeff15e5817d
aws-java-sdk-logs:1.12.529-406.vdeff15e5817d
aws-java-sdk-minimal:1.12.529-406.vdeff15e5817d
aws-java-sdk-secretsmanager:1.12.529-406.vdeff15e5817d
aws-java-sdk-sns:1.12.529-406.vdeff15e5817d
aws-java-sdk-sqs:1.12.529-406.vdeff15e5817d
aws-java-sdk-ssm:1.12.529-406.vdeff15e5817d
badge:1.9.1
basic-branch-build-strategies:81.v05e333931c7d
bootstrap5-api:5.3.0-1
bouncycastle-api:2.29
branch-api:2.1122.v09cb_8ea_8a_724
build-user-vars-plugin:1.9
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.0.0
cloudbees-disk-usage-simple:182.v62ca_0c992a_f3
cloudbees-folder:6.848.ve3b_fd7839a_81
cobertura:1.17
code-coverage-api:4.7.0
command-launcher:100.v2f6722292ee8
commons-httpclient3-api:3.1-3
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.10.0-68.v0d0b_c439292b_
configuration-as-code:1670.v564dc8b_982d0
credentials:1271.v54b_1c2c6388a_
credentials-binding:631.v861c06d062b_4
data-tables-api:1.13.5-1
display-url-api:2.3.9
docker-commons:439.va_3cb_0a_6a_fb_29
docker-workflow:572.v950f58993843
dtkit-api:3.0.2
durable-task:523.va_a_22cf15d5e0
echarts-api:5.4.0-5
email-ext:2.100
envinject:2.908.v66a_774b_31d93
envinject-api:1.199.v3ce31253ed13
file-operations:131.v32b_e7824fe95
folder-properties:1.2.1
font-awesome-api:6.4.0-2
forensics-api:2.3.0
git:5.2.0
git-client:4.4.0
github:1.37.3
github-api:1.314-431.v78d72a_3fe4c3
github-branch-source:1732.v3f1889a_c475b_
github-scm-trait-notification-context:1.1
htmlpublisher:1.32
http_request:1.18
inline-pipeline:1.0.2
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:66.vd8fa_64ee91b_d
jjwt-api:0.11.5-77.v646c772fddb_0
job-dsl:1.84
jquery3-api:3.7.0-1
junit:1217.v4297208a_a_b_ce
keycloak:2.3.0
kubernetes:4007.v633279962016
kubernetes-client-api:6.4.1-215.v2ed17097a_8e9
kubernetes-credentials:0.10.0
kubernetes-credentials-provider:1.225.v14f9e6b_28f53
lockable-resources:1185.v0c528656ce04
mailer:463.vedf8358e006b_
mask-passwords:150.vf80d33113e80
matrix-auth:3.1.10
matrix-project:808.v5a_b_5f56d6966
metrics:4.2.18-442.v02e107157925
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
okhttp-api:4.11.0-157.v6852a_a_fa_ec11
pipeline-build-step:505.v5f0844d8d126
pipeline-github:2.8-147.3206e8179b1c
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-graph-view:198.v0844db_6ca_554
pipeline-groovy-lib:671.v07c339c842e8
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2144.v077a_d1928a_40
pipeline-model-definition:2.2144.v077a_d1928a_40
pipeline-model-extensions:2.2144.v077a_d1928a_40
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40
pipeline-stage-view:2.33
pipeline-utility-steps:2.16.0
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.3.0
prism-api:1.29.0-7
prometheus:2.2.3
resource-disposer:0.23
robot:3.4.0
scm-api:676.v886669a_199a_a_
script-security:1273.v66c1964f0dfd
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
sonar:2.15
ssh-agent:333.v878b_53c89511
ssh-credentials:308.ve4497b_ccd8f4
ssh-slaves:2.916.vd17b_43357ce4
sshd:3.303.vefc7119b_ec23
structs:325.vcb_307d2a_2782
timestamper:1.26
token-macro:384.vf35b_f26814ec
trilead-api:2.84.v72119de229b_7
uno-choice:2.7.2
variant:59.vf075fe829ccb
workflow-aggregator:596.v8c21c963d92d
workflow-api:1261.va_2ff5204f17e
workflow-basic-steps:1042.ve7b_140c4a_e0c
workflow-cps:3773.v505e0052522c
workflow-durable-task-step:1289.v4d3e7b_01546b_
workflow-job:1341.vd9fa_65f771dd
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:848.v5a_383b_d14921
ws-cleanup:0.45
xunit:3.1.3
```

What Operating System are you using (both controller, and any agents involved in the problem)?

Both GNU/Linux in K8s

Reproduction steps

  1. Publish test coverage results using
    recordCoverage(
       tools: [[parser: 'COBERTURA', pattern: 'test_coverage_xml.xml']],
       sourceCodeRetention: 'EVERY_BUILD',
       qualityGates: [
           [metric: 'LINE', threshold: 21],
           [metric: 'BRANCH', threshold: 9],
       ]
    )
  2. Navigate to coverage report, "Files" tab, and open one of the published files

Expected Results

The file is displayed verbatim, e.g. for C++

```cpp
#include <memory>
using FooPtr = std::unique_ptr<Foo, FooDeleter>;
```

Actual Results

Parts of the file are missing, specifically those resembling HTML tags, which is frequently the case with C++:

```text
#include 
using FooPtr = std::unique_ptr;
```

Anything else?

No response

uhafner commented 12 months ago

Yes, the rendering algorithm removes all unknown tags to prevent XSS at the moment. When rewriting the code using the Prism.js source code renderer I need to take care of that problem. (I think in the warnings plugin this is implemented correctly...)
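
The behaviour discussed in this thread, as an added example that is not the plugin's code: a simplified tag-stripping function reproduces the "Actual Results" output on the reporter's C++ lines, while HTML-escaping the same text keeps it verbatim and still leaves no markup for the browser to parse. The function names, the allowlist and the third sample line are assumptions made for this illustration.

```javascript
// Added illustration; not the plugin's code. All names here are hypothetical.

// Constructed sample: the two C++ lines from the report plus one
// hostile-looking comment line.
const SAMPLE = [
  '#include <memory>',
  'using FooPtr = std::unique_ptr<Foo, FooDeleter>;',
  '// <script>alert(1)</script>',
].join('\n');

// Simplified model of "remove all unknown tags": anything shaped like an
// HTML tag is dropped unless its name is on the allowlist (assumed list).
const ALLOWED_TAGS = new Set(['span', 'code', 'pre', 'br']);
const TAG_SHAPED = /<\/?([A-Za-z][A-Za-z0-9]*)\b[^>]*>/g;

function stripUnknownTags(source, allowed = ALLOWED_TAGS) {
  return source.replace(TAG_SHAPED, (match, name) =>
    allowed.has(name.toLowerCase()) ? match : '');
}

// Output encoding: every character with meaning in HTML becomes an entity,
// so the browser shows the text verbatim and never parses it as markup.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(source) {
  return source.replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// The text a browser would display for escaped input (inverse of escapeHtml).
function displayedText(escaped) {
  const reverse = Object.fromEntries(Object.entries(ENTITIES).map(([k, v]) => [v, k]));
  return escaped.replace(/&(?:amp|lt|gt|quot|#39);/g, (entity) => reverse[entity]);
}

// Run both approaches on the same source and report what survives.
function compare(source) {
  const stripped = stripUnknownTags(source);
  const escaped = escapeHtml(source);
  return {
    stripped,
    escaped,
    strippedIsLossless: stripped === source,
    escapedIsLossless: displayedText(escaped) === source,
    escapedHasRawMarkup: /[<>]/.test(escaped),
  };
}

console.log(compare(SAMPLE));
```
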