Branch: refs/heads/master Home: https://github.com/jenkinsci/role-strategy-plugin Commit: be9f68eb045be4669a9ef2446052371050c155b3 https://github.com/jenkinsci/role-strategy-plugin/commit/be9f68eb045be4669a9ef2446052371050c155b3 Author: Markus Winter <m.win...@sap.com> Date: 2022-07-03 (Sun, 03 Jul 2022)
Changed paths: M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/assign-agent-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/assign-global-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/assign-project-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/assign-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-agent-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-global-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-project-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-roles.jelly M src/main/webapp/js/table.js Log Message: ----------- [JENKINS-68870] properly escape tooltip texts after adding a new role/user the tooltips when hovering over the checkboxes where not properly escaped which is a potential XSS. But it applies only to admin so no real security risk. Also fixes JENKINS-55414 where patterns were double escaped without need. Commit: 1ccebbe3e59f356aa0fabec2427ab8cde1d0810f https://github.com/jenkinsci/role-strategy-plugin/commit/1ccebbe3e59f356aa0fabec2427ab8cde1d0810f Author: Markus Winter <m.win...@sap.com> Date: 2022-07-03 (Sun, 03 Jul 2022) Changed paths: M src/main/webapp/js/table.js Log Message: ----------- also escape > Commit: 859673312a1438c879effe930b68ea2b751c67e8 https://github.com/jenkinsci/role-strategy-plugin/commit/859673312a1438c879effe930b68ea2b751c67e8 Author: Markus Winter <m.win...@sap.com> Date: 2022-07-03 (Sun, 03 Jul 2022) Changed paths: M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/assign-agent-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/assign-global-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/assign-project-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/assign-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-agent-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-global-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-project-roles.jelly M src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-roles.jelly M src/main/webapp/js/table.js Log Message: ----------- Merge pull request #201 from mawinter69/JENKINS-68870 [JENKINS-68870] properly escape tooltip texts Compare: https://github.com/jenkinsci/role-strategy-plugin/compare/18a75e1ea14b...859673312a14 -- You received this message because you are subscribed to the Google Groups "Jenkins Commits" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/role-strategy-plugin/push/refs/heads/master/18a75e-859673%40github.com.