jenkinsci / scm-sync-configuration-plugin

Jenkins scm-sync-configuration plugin
https://plugins.jenkins.io/scm-sync-configuration/
MIT License

Strange output in footer #68

Open evictor opened 5 years ago

evictor commented 5 years ago

I'm seeing what looks like unformatted/code output in the footer. I'm on latest Jenkins at this time, 2.138.3. I can't recall when this popped up but I'm pretty sure it was when I upgraded to 2.138.x. LMK what debug output I might be able to provide.


m-bucher commented 5 years ago

Same here on Jenkins 2.138.3 and Plugin version 0.0.10 (also tried 0.0.9). Looks like the HTML has '<' HTML-encoded: &lt;br/>To remove this message, please &lt;a href='#' onclick='javascript:removeLog();'>click here&lt;/a>

evictor commented 5 years ago

Bit more than cosmetic because it also covers the last bits of console output, which are often the most important. :(

Thx for reading

amandel commented 5 years ago

You need to set -Dorg.kohsuke.stapler.jelly.CustomJellyContext.escapeByDefault=false which helps in this case. There are several things broken with this change in Jenkins. See https://jenkins.io/blog/2018/10/10/security-updates/ and https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+2018-10-10+Stapler+security+hardening

evictor commented 5 years ago

Thanks for the note. Is it safe to say the blanket disabling is just a band-aid and a patch should still be made so the plugin itself can handle the reconfiguration?

mikemol commented 5 years ago

Indeed, it would be really nice if the plugin could be targeted about disabling the escaping logic.

jeinstei commented 5 years ago

Same issue, just to report it. It looks like the j:set var="msg" block creates a commented-out span, and not what the code is expecting.

aba-rechsteiner commented 4 years ago

+1