[JENKINS-39618] HTML in portlet 'Display Name' not rendered in versions more recent than 2.9.7

jenkinsci / dashboard-view-plugin

Jenkins dashboard-view plugin

https://plugins.jenkins.io/dashboard-view/

MIT License

46 stars 105 forks source link

[JENKINS-39618] HTML in portlet 'Display Name' not rendered in versions more recent than 2.9.7 #210

Open TobiX opened 7 years ago

TobiX commented 7 years ago

Dashboard View Plugin v2.9.10: Does not render HTML in 'Display Name' section
This was very helpful to customize the portlets. Plugin versions up to v2.9.7 correctly render the HTML.

Originally reported by ioannis, imported from: HTML in portlet 'Display Name' not rendered in versions more recent than 2.9.7

assignee: tgr
status: Open
priority: Minor
resolution: Unresolved
imported: 2022-10-30

TobiX commented 6 years ago

tgr:

This was probably broken by https://github.com/jenkinsci/dashboard-view-plugin/commit/0855c2c4c853df0def0846f5bf966d56d973685f - Need to evaluate if we can safely disable escaping for this field. Probably not, since that would allow users to mount XSS attacks against other users...

TobiX commented 6 years ago

ioannis:

That is rather unfortunate! It was a really useful feature and I was using it a lot. Any other ideas whether we can enhance the display name tabs? Till then I may have to stick to v2.9.7.

Thanks and best regards

TobiX commented 5 years ago

tgr:

Ioannis Moutsatsos ~~This bug is probably in the rich-text-publisher-plugin, there is nothing I can do in the dashboard-view-plugin.~~ Ah, I see now, it's about the portlet titles. I think the functionality can be partially restored by passing the text through the configured markup sanitizer...