jenkinsci / code-coverage-api-plugin

Deprecated Jenkins Code Coverage Plugin
https://plugins.jenkins.io/code-coverage-api/
MIT License

HTML code in file view is not being escaped #799

Closed stefan6419846 closed 10 months ago

stefan6419846 commented 10 months ago

Jenkins and plugins versions report

Environment

```text
Jenkins: 2.428
OS: Linux - 5.14.21-150400.24.88-default
Java: 11.0.20.1 - Oracle Corporation (OpenJDK 64-Bit Server VM)
---
PrioritySorter:5.0.0
URLSCM:1.6
analysis-model-api:11.10.0
android-emulator:592.vb_b_6d427f1923
ansicolor:1.0.4
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
authentication-tokens:1.53.v1c90fd9191a_b_
bootstrap5-api:5.3.2-1
bouncycastle-api:2.29
branch-api:2.1128.v717130d4f816
build-name-setter:2.4.0
build-user-vars-plugin:1.9
built-on-column:1.4
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.0.2
cloudbees-folder:6.848.ve3b_fd7839a_81
code-coverage-api:4.9.0
command-launcher:107.v773860566e2e
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.10.0-78.v3e7b_ea_d5a_fe1
compact-columns:1.185.vf3851b_4d31fe
conditional-buildstep:1.4.3
credentials:1293.vff276f713473
credentials-binding:636.v55f1275c7b_27
dark-theme:372.v79b_02c754b_29
data-tables-api:1.13.6-5
description-setter:1.10
display-url-api:2.200.vb_9327d658781
docker-commons:439.va_3cb_0a_6a_fb_29
dtkit-api:3.0.2
durable-task:523.va_a_22cf15d5e0
echarts-api:5.4.0-6
email-ext:2.102
envinject:2.908.v66a_774b_31d93
envinject-api:1.199.v3ce31253ed13
external-monitor-job:215.v2e88e894db_f8
extra-columns:1.26
fail-the-build-plugin:5.v153b_2c826ef0
favorite:2.4.3
font-awesome-api:6.4.2-1
forensics-api:2.3.0
git:5.2.0
git-client:4.5.0
git-forensics:2.0.0
git-server:99.va_0826a_b_cdfa_d
github:1.37.3
github-api:1.316-451.v15738eef3414
github-branch-source:1741.va_3028eb_9fd21
google-oauth-plugin:1.318.vb_39c5db_e3041
google-play-android-publisher:4.2
gradle:2.8.2
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
htmlpublisher:1.32
http_request:1.18
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.3-366.vfe8d1fa_f8c87
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javadoc:243.vb_b_503b_b_45537
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:73.vddf737284550
jenkins-design-language:1.27.8
jjwt-api:0.11.5-77.v646c772fddb_0
jnr-posix-api:3.1.18-1
jquery:1.12.4-1
jquery3-api:3.7.1-1
jsch:0.2.8-65.v052c39de79b_2
junit:1240.vf9529b_881428
ldap:701.vf8619de9160a_
locale:314.v22ce953dfe9e
lockable-resources:1185.v0c528656ce04
mailer:463.vedf8358e006b_
mapdb-api:1.0.9-28.vf251ce40855d
matrix-auth:3.2.1
matrix-project:818.v7eb_e657db_924
maven-plugin:3.23
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
monitoring:1.95.0
oauth-credentials:0.646.v02b_66dc03d2e
okhttp-api:4.11.0-157.v6852a_a_fa_ec11
pam-auth:1.10
parameterized-trigger:2.46
pipeline-build-step:505.v5f0844d8d126
pipeline-github-lib:42.v0739460cda_c4
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:689.veec561a_dee13
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2144.v077a_d1928a_40
pipeline-model-definition:2.2144.v077a_d1928a_40
pipeline-model-extensions:2.2144.v077a_d1928a_40
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40
pipeline-stage-view:2.33
pipeline-utility-steps:2.16.0
plain-credentials:143.v1b_df8b_d3b_e48
plugin-usage-plugin:4.2
plugin-util-api:3.6.0
port-allocator:1.10
postbuildscript:3.2.0-550.v88192b_d3e922
prism-api:1.29.0-8
pubsub-light:1.17
run-condition:1.7
scm-api:676.v886669a_199a_a_
script-security:1275.v23895f409fb_d
scriptler:321.v74a_851a_e7ed6
simple-theme-plugin:172.v4b_8766c70078
slave-setup:1.16
snakeyaml-api:2.2-111.vc6598e30cc65
sse-gateway:1.26
ssh-credentials:308.ve4497b_ccd8f4
ssh-slaves:2.916.vd17b_43357ce4
sshd:3.312.v1c601b_c83b_0e
structs:325.vcb_307d2a_2782
theme-manager:215.vc1ff18d67920
timestamper:1.26
token-macro:384.vf35b_f26814ec
trilead-api:2.84.v72119de229b_7
variant:60.v7290fc0eb_b_cd
view-job-filters:369.ve0513a_a_f5524
warnings-ng:10.5.0
workflow-aggregator:596.v8c21c963d92d
workflow-api:1283.v99c10937efcb_
workflow-basic-steps:1042.ve7b_140c4a_e0c
workflow-cps:3802.vd42b_fcf00b_a_c
workflow-durable-task-step:1289.v4d3e7b_01546b_
workflow-job:1348.v32a_a_f150910e
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:865.v43e78cc44e0d
```

What Operating System are you using (both controller, and any agents involved in the problem)?

OpenSUSE Leap 15.4

Reproduction steps

  1. Generate a coverage report which includes the coverage for the source `response.write('<h3>Title</h3>')`
  2. Go to the file/line coverage report.

Expected Results

The `<h3>` tags are visible in the source code.

Actual Results

The `<h3>` tags are not visible, while the corresponding text is rendered as a heading.

Anything else?

No response

uhafner commented 10 months ago

This is already tracked as #760.
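
The behaviour reported in this issue, shown as an added example that is not the plugin's own code: a source-view row built by plain string concatenation lets markup in the covered source reach the browser, while escaping the source text first makes the `<h3>` tags display literally. The class and method names (`SourceViewEscaping`, `renderRowUnsafe`, `renderRowSafe`, `escapeHtml`), the row markup and the hit count are assumptions made for illustration.

```java
public class SourceViewEscaping {
    // Hypothetical renderer: turns one source line plus its hit count into a table row.

    /** Before: source text is concatenated into the markup as-is. */
    static String renderRowUnsafe(int lineNo, int hits, String source) {
        return "<tr class=\"" + cssClass(hits) + "\"><td>" + lineNo + "</td><td><code>"
                + source + "</code></td></tr>";
    }

    /** After: source text is HTML-escaped so the browser shows it literally. */
    static String renderRowSafe(int lineNo, int hits, String source) {
        return "<tr class=\"" + cssClass(hits) + "\"><td>" + lineNo + "</td><td><code>"
                + escapeHtml(source) + "</code></td></tr>";
    }

    static String cssClass(int hits) {
        return hits > 0 ? "covered" : "uncovered";
    }

    /** Escapes the five characters that are significant in HTML text and attribute values. */
    static String escapeHtml(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: the line from the reproduction steps, with a constructed hit count.
        String source = "response.write('<h3>Title</h3>')";
        System.out.println(renderRowUnsafe(1, 3, source)); // heading markup reaches the page
        System.out.println(renderRowSafe(1, 3, source));   // tags appear as text
        // Sanity check: after escaping, no raw angle bracket from the source remains.
        String escaped = escapeHtml(source);
        if (escaped.indexOf('<') >= 0 || escaped.indexOf('>') >= 0) {
            throw new AssertionError("source markup leaked into output");
        }
    }
}
```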