jenkinsci / simple-theme-plugin

A simple theme plugin for Jenkins
https://plugins.jenkins.io/simple-theme-plugin
MIT License

HTML/CSS/JS Rendering in Job Build Summary pages #146

Closed PeterChrz closed 1 year ago

PeterChrz commented 1 year ago

Jenkins and plugins versions report

Environment

```
Jenkins: 2.387.1
OS: Linux - 3.10.0-1160.88.1.el7.x86_64
Java: 11.0.19 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
ace-editor:1.1
analysis-model-api:11.1.0
ansicolor:1.0.2
ant:481.v7b_09e538fcca
antisamy-markup-formatter:159.v25b_c67cd35fb_
anything-goes-formatter:19.v3e2b_1b_3e0ee5
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
authentication-tokens:1.4
badge:1.9.1
bitbucket:223.vd12f2bca5430
blueocean:1.25.5
blueocean-autofavorite:1.2.5
blueocean-bitbucket-pipeline:1.25.8
blueocean-commons:1.25.8
blueocean-config:1.25.8
blueocean-core-js:1.25.8
blueocean-dashboard:1.25.8
blueocean-display-url:2.4.1
blueocean-events:1.25.8
blueocean-git-pipeline:1.25.8
blueocean-github-pipeline:1.25.8
blueocean-i18n:1.25.8
blueocean-jwt:1.25.8
blueocean-personalization:1.25.8
blueocean-pipeline-api-impl:1.25.8
blueocean-pipeline-editor:1.25.8
blueocean-pipeline-scm-api:1.25.8
blueocean-rest:1.25.8
blueocean-rest-impl:1.25.8
blueocean-web:1.25.8
bootstrap5-api:5.2.2-2
bouncycastle-api:2.26
branch-api:2.1071.v1a_188a_562481
build-monitor-plugin:1.13+build.202205140447
build-name-setter:2.2.0
build-timeout:1.21
build-token-root:151.va_e52fe3215fc
build-user-vars-plugin:1.8
built-on-column:1.1
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
calendar-view:0.3.2
checks-api:2.0.0
cloudbees-bitbucket-branch-source:791.vb_eea_a_476405b
cloudbees-folder:6.800.v71307ca_b_986b
collapsing-console-sections:1.8.0
command-launcher:90.v669d7ccb_7c31
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-36.vc008c8fcda_7b_
conditional-buildstep:1.4.2
config-autorefresh-plugin:1.0
console-column-plugin:131.vcf0ddb_8858c3
credentials:1224.vc23ca_a_9a_2cb_0
credentials-binding:523.vd859a_4b_122e6
csp:1.2
cvs:2.19.1
dark-theme:262.v0202a_4c8fb_6a
dashboard-view:2.472.v9ff2a_e6a_c529
data-tables-api:1.13.3-3
display-url-api:2.3.7
docker-commons:1.21
docker-workflow:521.v1a_a_dd2073b_2e
dropdown-viewstabbar-plugin:1.7
durable-task:500.v8927d9fd99d8
echarts-api:5.4.0-3
electricflow:1.1.31
email-ext:2.91
emailext-template:1.4
envinject:2.881.v37c62073ff97
envinject-api:1.199.v3ce31253ed13
extensible-choice-parameter:1.8.0
external-monitor-job:203.v683c09d993b_9
extra-columns:1.25
favorite:2.4.1
favorite-view:5.v77a_37f62782d
folder-properties:1.2.1
font-awesome-api:6.3.0-2
forensics-api:2.1.0
git:4.12.1
git-changelog:3.30
git-client:3.12.0
git-server:1.11
github:1.34.3
github-api:1.303-400.v35c2d8258028
github-branch-source:1637.vd833b_7ca_7654
greenballs:1.15.1
groovy:442.v817e6d937d6c
groovy-postbuild:2.3.1
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
htmlpublisher:1.31
instance-identity:142.v04572ca_5b_265
ionicons-api:45.vf54fca_5d2154
jackson2-api:2.15.0-334.v317a_165f9b_7c
jakarta-activation-api:2.0.1-1
jakarta-mail-api:2.0.1-1
javadoc:226.v71211feb_e7e9
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-8
jaxb:2.3.8-1
jdk-tool:63.v62d2fd4b_4793
jenkins-design-language:1.25.8
jersey2-api:2.37-1
jira:3.2.1
jjwt-api:0.11.5-77.v646c772fddb_0
jobConfigHistory:1207.vd28a_54732f92
jquery:1.12.4-1
jquery3-api:3.6.4-1
jsch:0.1.55.61.va_e9ee26616e7
junit:1198.ve38db_d1b_c975
ldap:2.12
mailer:438.v02c7f0a_12fa_4
mapdb-api:1.0.9-28.vf251ce40855d
matrix-auth:3.1.5
matrix-combinations-parameter:1.3.1
matrix-project:789.v57a_725b_63c79
maven-plugin:3.22
mercurial:1251.va_b_121f184902
metrics:4.2.10-389.v93143621b_050
mina-sshd-api-common:2.9.2-50.va_0e1f42659a_a
mina-sshd-api-core:2.9.2-50.va_0e1f42659a_a
momentjs:1.1.1
monitoring:1.91.0
next-executions:1.0.15
nodelabelparameter:1.11.0
okhttp-api:4.9.3-108.v0feda04578cf
pam-auth:1.10
parameterized-trigger:2.45
pipeline-build-step:2.18
pipeline-github-lib:38.v445716ea_edda_
pipeline-graph-analysis:195.v5812d95a_a_2f9
pipeline-groovy-lib:612.v84da_9c54906d
pipeline-input-step:449.v77f0e8b_845c4
pipeline-milestone-step:101.vd572fef9d926
pipeline-model-api:2.2114.v2654ca_721309
pipeline-model-definition:2.2114.v2654ca_721309
pipeline-model-extensions:2.2114.v2654ca_721309
pipeline-rest-api:2.24
pipeline-stage-step:293.v200037eefcd5
pipeline-stage-tags-metadata:2.2114.v2654ca_721309
pipeline-stage-view:2.24
plain-credentials:139.ved2b_9cf7587b
plugin-util-api:3.2.0
popper2-api:2.11.6-1
postbuildscript:3.1.0-375.v3db_cd92485e1
prism-api:1.29.0-4
pubsub-light:1.16
rebuild:1.34
role-strategy:562.v44e9a_e828d0e
run-condition:1.5
scm-api:631.v9143df5b_e4a_a
script-security:1244.ve463715a_f89c
scriptler:3.5
simple-theme-plugin:160.vb_76454b_67900
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
sse-gateway:1.25
ssh-credentials:295.vced876c18eb_4
ssh-slaves:1.834.v622da_57f702c
sshd:3.275.v9e17c10f2571
startup-trigger-plugin:2.9.3
structs:324.va_f5d6774f3a_d
subversion:2.16.0
theme-manager:1.6
thinBackup:1.17
timestamper:1.18
token-macro:359.vb_cde11682e0c
translation:1.16
trilead-api:2.84.v72119de229b_7
uno-choice:2.6.5
validating-string-parameter:2.8
variant:59.vf075fe829ccb
view-job-filters:2.3
warnings-ng:10.1.0
windows-slaves:1.8.1
workflow-aggregator:590.v6a_d052e5a_a_b_5
workflow-api:1208.v0cc7c6e0da_9e
workflow-basic-steps:980.v82219a_ed188e
workflow-cps:3659.v582dc37621d8
workflow-durable-task-step:1199.v02b_9244f8064
workflow-job:1289.vd1c337fd5354
workflow-multibranch:733.v109046189126
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
yaml-axis:0.3.0
```

What Operating System are you using (both controller, and any agents involved in the problem)?

All on RHEL7.9

Reproduction steps

1. Install Simple Theme.
2. Under Configure System, in the Theme section provide the custom CSS and JS files we would like to have render on the Build summary pages. That is the page that comes up after you click on a completed job.

Expected Results

Based on success or failure of the job we display different CSS / JS elements on the Build summary page.

Actual Results

This functionality works on the older releases of Jenkins 2.73.3 for example but does not work on the latest versions of Jenkins 2.387.1.

Anything else?

I've tried adding CSPs to open up functionality of unsafe inline code but that does not seem to help.

The code is injected successfully into the build results page, but instead of showing as a hyperlink or JS frame, it just displays the code. It's like Jenkins is escaping the text.
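Added example, not part of the original issue or of the plugin's code: a check on the HTML source returned by the server that tells entity-escaped markup (shown as text, the symptom reported above) apart from markup that arrived intact, in which case the browser side, such as CSP, is where to look. The snippet, page fragments, host name and function names are constructed for illustration.

```javascript
// Added example: the snippet and page fragments below are constructed samples.

// Entity-encode the characters that HTML output escaping rewrites.
function htmlEscape(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Decode named and numeric entities in one pass, so that &#34;, &#x22; and &quot;
// all compare equal to a double quote.
function htmlUnescape(s) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (m, e) => {
    if (e[0] !== '#') return named[e.toLowerCase()] || m;
    const hex = e[1] === 'x' || e[1] === 'X';
    const code = parseInt(e.slice(hex ? 2 : 1), hex ? 16 : 10);
    return code <= 0x10ffff ? String.fromCodePoint(code) : m;
  });
}

// Classify how `snippet` appears in the HTML source the server returned:
//   'raw'          - present as markup; if it still does not render or run,
//                    look at the browser side (for example a CSP violation)
//   'escaped'      - present only in entity-encoded form; the server escaped it,
//                    so the browser shows it as text
//   'absent'       - not in the response at all
//   'inconclusive' - snippet has no characters that escaping would change
function classifyInjection(pageSource, snippet) {
  if (htmlEscape(snippet) === snippet) return 'inconclusive';
  if (pageSource.includes(snippet)) return 'raw';
  if (htmlUnescape(pageSource).includes(snippet)) return 'escaped';
  return 'absent';
}

// Constructed sample inputs (hypothetical host name and element id).
const snippet = '<a href="https://ci.example.test/report">report</a>';
const escapedPage =
  '<div id="summary">&lt;a href=&quot;https://ci.example.test/report&quot;&gt;report&lt;/a&gt;</div>';
const rawPage = `<div id="summary">${snippet}</div>`;

for (const [name, page] of [['escapedPage', escapedPage], ['rawPage', rawPage]]) {
  console.log(name, '->', classifyInjection(page, snippet));
}
```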

TobiX commented 1 year ago

Whatever the problem is, I'm pretty sure it has nothing to do with the simple-theme-plugin; its influence on Jenkins theming is rather minimal (and all features work fine up to at least the latest LTS version, 2.401.1, AFAICS). I suspect an interaction between Jenkins core and whatever code/CSS you are injecting into these pages. Comparing with an ancient version like 2.73.3 (from 2017-11-08, which is almost 6 years ago) doesn't really help, since there have been lots of breaking changes to the Jenkins UI since then.

Since you brought up CSP: There is an informative page on the Jenkins homepage which suggests that even light CSP usage might break core Jenkins features, so be careful with that...

PS: Your list of plugins contains quite a lot of deprecated plugins, you should probably remove them.

PeterChrz commented 1 year ago

I was hoping simple-theme-plugin wouldn't be impacting this issue. Thanks for confirming.

Agreed there's a lot to clean up here (plugins, etc.) but that's the process I'm working on. This HTML rendering issue is presenting a major blocker to that process.

That's really good to know about CSP, it feels dangerous and unwieldy using it.

If you have any additional advice please let me know. I know it's a bit of a niche use case.