Please fix the stored XSS vulnerability

[noodles101]

Jenkins and plugins versions report

Environment

```text Jenkins: 2.357 OS: Windows 10 - 10.0 --- ace-editor:1.1 ant:475.vf34069fef73c antisamy-markup-formatter:2.7 apache-httpcomponents-client-4-api:4.5.13-1.0 authentication-tokens:1.4 authorize-project:1.4.0 backup:1.6.1 bootstrap4-api:4.6.0-5 bootstrap5-api:5.1.3-7 bouncycastle-api:2.26 branch-api:2.1046.v0ca_37783ecc5 build-timeout:1.21 built-on-column:1.1 caffeine-api:2.9.3-65.v6a_47d0f4d1fe checks-api:1.7.4 cloudbees-folder:6.729.v2b_9d1a_74d673 command-launcher:84.v4a_97f2027398 conditional-buildstep:1.4.2 credentials:1129.vef26f5df883c credentials-binding:523.vd859a_4b_122e6 dashboard-view:2.432.va_712ce35862d date-parameter:0.0.4 display-url-api:2.3.6 docker-commons:1.19 docker-workflow:1.29 durable-task:496.va67c6f9eefa7 echarts-api:5.3.3-1 email-ext:2.89 emailext-template:1.4 envinject:2.866.v5c0403e3d4df envinject-api:1.199.v3ce31253ed13 external-monitor-job:191.v363d0d1efdf8 extreme-notification:1.6 font-awesome-api:6.1.1-1 git:4.11.3 git-client:3.11.0 git-parameter:0.9.17 git-server:1.11 github:1.34.4 github-api:1.303-400.v35c2d8258028 github-branch-source:1656.v77eddb_b_e95df gitlab-plugin:1.5.35 gradle:1.39.2 handlebars:3.0.8 instance-identity:3.1 jackson2-api:2.13.3-285.vc03c0256d517 javadoc:217.v905b_86277a_2a_ javax-activation-api:1.2.0-3 javax-mail-api:1.6.2-6 jaxb:2.3.6-1 jdk-tool:1.5 jersey2-api:2.36-2 jjwt-api:0.11.5-77.v646c772fddb_0 jnr-posix-api:3.1.7-3 jquery:1.12.4-1 jquery-detached:1.2.1 jquery3-api:3.6.0-4 jsch:0.1.55.2 junit:1119.1121.vc43d0fc45561 ldap:2.10 locale:144.v1a_998824ddb_3 lockable-resources:2.15 mailer:414.vcc4c33714601 mapdb-api:1.0.9.0 matrix-auth:2.6.11 matrix-project:772.v494f19991984 mina-sshd-api-common:2.8.0-21.v493b_6b_db_22c6 mina-sshd-api-core:2.8.0-21.v493b_6b_db_22c6 momentjs:1.1.1 okhttp-api:4.9.3-105.vb96869f8ac3a pam-auth:1.8 parameterized-trigger:2.44 pipeline-build-step:2.18 pipeline-github-lib:38.v445716ea_edda_ pipeline-graph-analysis:195.v5812d95a_a_2f9 pipeline-groovy-lib:593.va_a_fc25d520e9 pipeline-input-step:449.v77f0e8b_845c4 pipeline-milestone-step:101.vd572fef9d926 pipeline-model-api:2.2097.v33db_b_de764b_e pipeline-model-definition:2.2097.v33db_b_de764b_e pipeline-model-extensions:2.2097.v33db_b_de764b_e pipeline-rest-api:2.24 pipeline-stage-step:293.v200037eefcd5 pipeline-stage-tags-metadata:2.2097.v33db_b_de764b_e pipeline-stage-view:2.24 plain-credentials:1.8 plugin-util-api:2.17.0 popper-api:1.16.1-3 popper2-api:2.11.5-2 rebuild:1.34 resource-disposer:0.19 run-condition:1.5 scm-api:608.vfa_f971c5a_a_e9 script-security:1175.v4b_d517d6db_f0 snakeyaml-api:1.30.2-76.vc104f7ce9870 ssh-credentials:291.v8211e4f8efb_c ssh-slaves:1.821.vd834f8a_c390e sshd:3.242.va_db_9da_b_26a_c3 structs:318.va_f3ccb_729b_71 subversion:2.15.5 thinBackup:1.10 timestamper:1.18 token-macro:293.v283932a_0a_b_49 trilead-api:1.57.v6e90e07157e1 variant:1.4 windows-slaves:1.8.1 workflow-aggregator:590.v6a_d052e5a_a_b_5 workflow-api:1165.v02c3db_a_6b_e36 workflow-basic-steps:948.v2c72a_091b_b_68 workflow-cps:2725.v7b_c717eb_12ce workflow-durable-task-step:1155.v79567b_e0a_2de workflow-job:1189.va_d37a_e9e4eda_ workflow-multibranch:716.vc692a_e52371b_ workflow-scm-step:400.v6b_89a_1317c9a_ workflow-step-api:625.vd896b_f445a_f8 workflow-support:820.vd1a_6cc65ef33 ws-cleanup:0.42 ```

Please fix the stored XSS vulnerability.

What Operating System are you using (both controller, and any agents involved in the problem)?

Windows

Reproduction steps

Please fix the stored XSS vulnerability.

Expected Results

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784

Actual Results

Anything else?

No response

/assign @leejaycoke @PierreBtz

[PierreBtz]

@noodles101 unsure why I'm tagged in this, I'm not maintaining this plugin.

[DemiurgeKH3]

@leejaycoke may be ?

[noodles101]

Now we need @leejaycoke or @PierreBtz to look into #13 so this fix could be released.

[PierreBtz]

@noodles101, I'll reiterate one more time I'm not maintaining this plugin. Please stop pinging me.