-
Notifications
You must be signed in to change notification settings - Fork 242
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSP compatibility improvements #533
Changes from 1 commit
122e2b2
25c1294
5eff7dc
1a36798
e9d929a
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -44,7 +44,7 @@ | |
<j:otherwise> | ||
<f:form action="configSubmit" method="POST" name="config"> | ||
<f:entry title="${%Name}" help="/plugin/credentials/help/domain/name.html"> | ||
<f:textbox field="name" id="name" onchange="updateSave(this.form)" onkeyup="updateSave(this.form)"/> | ||
<f:textbox field="name" clazz="required-for-submit"/> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Moved to |
||
</f:entry> | ||
<f:entry title="${%Description}" help="/plugin/credentials/help/domain/description.html"> | ||
<f:textarea field="description"/> | ||
|
@@ -54,28 +54,14 @@ | |
items="${instance.specifications}"/> | ||
</f:entry> | ||
<f:bottomButtonBar> | ||
<input type="submit" name="Submit" value="${%Save}" id="save" class="submit-button primary" /> | ||
<button formnovalidate="formNoValidate" id="save" name="Submit" class="jenkins-button jenkins-button--primary"> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Switched to standard button to avoid the need for |
||
${%Save} | ||
</button> | ||
</f:bottomButtonBar> | ||
</f:form> | ||
</j:otherwise> | ||
</j:choose> | ||
<script><![CDATA[ | ||
var saveButton = makeButton(document.getElementById('save'), null); | ||
function updateSave(form) { | ||
function state() { | ||
return (document.getElementById('name').value.length === 0); | ||
} | ||
saveButton.set('disabled', state(), false); | ||
} | ||
updateSave(saveButton.getForm()); | ||
window.setTimeout(function () { | ||
// TODO remove this JENKINS-24662 workaround when baseline core has fix for root cause | ||
layoutUpdateCallback.call(); | ||
}, 1000); | ||
]]></script> | ||
<st:adjunct includes="com.cloudbees.plugins.credentials.common.formBehaviour"/> | ||
</l:main-panel> | ||
</l:layout> | ||
</j:jelly> |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -72,10 +72,6 @@ | |
<f:submit value="${%Create}"/> | ||
</f:bottomButtonBar> | ||
</f:form> | ||
<script> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The sticky footer no longer needs realigning explicitly from JS. |
||
// TODO remove this JENKINS-24662 workaround when baseline core has fix for root cause | ||
window.setTimeout(function(){layoutUpdateCallback.call();}, 1000); | ||
</script> | ||
</l:main-panel> | ||
</l:layout> | ||
</j:jelly> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
Behaviour.specify(".required-for-submit", 'required-for-submit', -99, function(requiredField) { | ||
const saveButton = requiredField.closest("form").querySelector('[name="Submit"]'); | ||
function updateSave() { | ||
const state = requiredField.value.length === 0; | ||
saveButton.disabled = state; | ||
} | ||
requiredField.addEventListener('input', updateSave); | ||
updateSave(saveButton); | ||
}); | ||
|
||
Behaviour.specify(".autofocus", "autofocus", 0, function(el) { | ||
el.focus(); | ||
}); |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
// multiple objects named "password" in the form => | ||
// extend findNearBy to allow selecting by id | ||
if (!findNearBy.patched) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think allowing IDs or CSS selectors in @daniel-beck do you have a better idea? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @jenkinsci/core-security-review Any objection to this technique? |
||
var oldNearBy = findNearBy; | ||
findNearBy = function(el, name) { | ||
return name.charAt(0) == '#' ? document.querySelector(name.split('/')[0]) : oldNearBy(el, name); | ||
} | ||
findNearBy.patched = true; | ||
} | ||
|
||
Behaviour.specify(".certificate-file-upload", 'certificate-file-upload', -99, function(uploadedCertFileInput) { | ||
// Adding a onChange method on the file input to retrieve the value of the file content in a variable | ||
var fileId = uploadedCertFileInput.id; | ||
var _onchange = uploadedCertFileInput.onchange; | ||
if (typeof _onchange === "function") { | ||
uploadedCertFileInput.onchange = function() { fileOnChange(this); _onchange.call(this); } | ||
} else { | ||
uploadedCertFileInput.onchange = fileOnChange.bind(uploadedCertFileInput); | ||
} | ||
const base64field = uploadedCertFileInput.closest('.radioBlock-container').querySelector('[name="certificateBase64"]'); | ||
function fileOnChange() { | ||
try { // inspired by https://stackoverflow.com/a/754398 | ||
var uploadedCertFileInputFile = uploadedCertFileInput.files[0]; | ||
var reader = new FileReader(); | ||
reader.onload = function (evt) { | ||
base64field.value = btoa(evt.target.result); | ||
var uploadedKeystore = document.getElementById(fileId + "-textbox"); | ||
uploadedKeystore.onchange(uploadedKeystore); | ||
} | ||
reader.onerror = function (evt) { | ||
if (window.console !== null) { | ||
console.warn("Error during loading uploadedCertFile content", evt); | ||
} | ||
uploadedCertFile[fileId] = ''; | ||
} | ||
|
||
reader.readAsBinaryString(uploadedCertFileInputFile); | ||
} | ||
catch(e){ | ||
if (window.console !== null) { | ||
console.warn("Unable to retrieve uploadedCertFile content"); | ||
} | ||
} | ||
} | ||
|
||
// workaround for JENKINS-19124 | ||
zbynek marked this conversation as resolved.
Show resolved
Hide resolved
|
||
// without this script, the password changes will be not trigger the check on the uploadedKeystore | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The code changed significantly but the reasoning is still the same: I couldn't find a way how to make There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The relative path can't be just |
||
var r = window.document.getElementById(fileId + "-textbox"); | ||
var p = findNextFormItem(r, 'password'); | ||
if (p) { | ||
const dependsOn = r.getAttribute('checkDependsOn'); | ||
if (!dependsOn.includes(p.id)) { | ||
r.setAttribute('checkDependsOn', dependsOn + ' #' + p.id + "/password"); | ||
} | ||
} | ||
}); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The sticky footer no longer needs realigning explicitly from JS.