
Commit e482208

authored
Merge pull request #396 from daniel-beck/fix-onsubmit
Remove `onsubmit` inline JS to improve CSP compatibility
2 parents 358149f + 76d381b commit e482208

3 files changed

Lines changed: 53 additions & 21 deletions


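--- a/github-pullrequest-plugin/src/main/resources/com/github/kostyasha/github/integration/branch/GitHubBranchRepository/index.groovy
+++ b/github-pullrequest-plugin/src/main/resources/com/github/kostyasha/github/integration/branch/GitHubBranchRepository/index.groovy
@@ -48,8 +48,11 @@ l.layout(title: "GitHub Branch Status") {
 div(style: "display: inline-block") {
 if (h.hasPermission(my.job, Item.BUILD)) {
 def runTrigger = "runTrigger";
-form(method: "post", action: "runTrigger", onsubmit: "return callFeature(this, ${runTrigger})",
-style: "float: right; margin-right: 100px") {
+form(method: "post", action: "runTrigger",
+style: "float: right; margin-right: 100px",
+class: "callFeature no-json",
+'data-answerPlaceId': runTrigger,
+'data-parameters': "{}") {
 f.submit(value: _("Run Branch Trigger"))
 div(id: runTrigger)
 }
@@ -78,8 +81,10 @@ l.layout(title: "GitHub Branch Status") {
 // escape anything that isn't alphanumeric
 def escapedBuild = escapeEcmaScript(branch.name);
 form(method: "post", action: "build",
-onsubmit: "return callFeature(this, ${buildResultId}, {'branchName' : '${escapedBuild}' })",
-style: "float:left") {
+style: "float:left",
+class: "callFeature no-json",
+'data-answerPlaceId': buildResultId,
+'data-parameters': """{"branchName": "${escapedBuild}" }""") {
 f.submit(value: _("Build"))
 div(id: buildResultId) // some text from response
 }
@@ -91,8 +96,10 @@ l.layout(title: "GitHub Branch Status") {
 def escapedRebuild = escapeEcmaScript(branch.name);
 form(method: "post",
 action: "rebuild",
-onsubmit: "return callFeature(this, ${rebuildResultId}, {'branchName' : '${escapedRebuild}' })",
-style: "float: left; margin-right: 100px") {
+style: "float: left; margin-right: 100px",
+class: "callFeature no-json",
+'data-answerPlaceId': rebuildResultId,
+'data-parameters': """{"branchName": "${escapedRebuild}" }""") {
 f.submit(value: _("Rebuild last branch build"))
 div(id: rebuildResultId) // some text from response
 }
@@ -109,17 +116,22 @@ l.layout(title: "GitHub Branch Status") {
 form(method: "post",
 name: "rebuildAllFailed",
 action: "rebuildAllFailed",
-onsubmit: "return callFeature(this, ${rebuildAllFailedId})",
-style: "float: right; margin-right: 100px") {
+style: "float: right; margin-right: 100px",
+class: "callFeature no-json",
+'data-answerPlaceId': rebuildAllFailedId,
+'data-parameters': "{}") {
 f.submit(value: _("Rebuild all failed builds"))
 div(id: rebuildAllFailedId)
 }
 }
 
 if (h.hasPermission(my.job, Item.DELETE)) {
 def clearRepoId = "clearRepoResult";
-form(method: "post", action: "clearRepo", onsubmit: "return callFeature(this, ${clearRepoId})",
-style: "float: left") {
+form(method: "post", action: "clearRepo",
+style: "float: left",
+class: "callFeature no-json",
+'data-answerPlaceId': clearRepoId,
+'data-parameters': "{}") {
 f.submit(value: _("Remove all repo data"))
 div(id: clearRepoId)
 }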
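Review bot: The `data-parameters` values of the `build` and `rebuild` forms are now read with `JSON.parse`, but `branch.name` is still escaped with `escapeEcmaScript`, which targets JavaScript string literals rather than JSON. If this is the commons-lang implementation (its import is outside the hunks), an apostrophe in a branch name becomes `\'`, which is not a valid JSON escape, so parsing would fail and the button would do nothing for that branch. Serialising the map keeps the value well-formed for any name, e.g. `'data-parameters': groovy.json.JsonOutput.toJson([branchName: branch.name])`, leaving attribute escaping to the view's markup builder. The enclosing `l.layout` closure starts and ends outside these hunks.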

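--- a/github-pullrequest-plugin/src/main/resources/org/jenkinsci/plugins/github/pullrequest/GitHubPRRepository/index.groovy
+++ b/github-pullrequest-plugin/src/main/resources/org/jenkinsci/plugins/github/pullrequest/GitHubPRRepository/index.groovy
@@ -38,8 +38,10 @@ l.layout(title: "GitHub Pull Request Status") {
 div(style: "display: inline-block") {
 if (h.hasPermission(my.job, Item.BUILD)) {
 def runTrigger = "runTrigger";
-form(method: "post", action: "runTrigger", onsubmit: "return callFeature(this, ${runTrigger})",
-style: "float: right; margin-right: 100px") {
+form(method: "post", action: "runTrigger", style: "float: right; margin-right: 100px",
+class: "callFeature no-json",
+'data-answerPlaceId': runTrigger,
+'data-parameters': "{}") {
 f.submit(value: _("Run GH PR Trigger"))
 div(id: runTrigger)
 }
@@ -68,8 +70,10 @@ l.layout(title: "GitHub Pull Request Status") {
 // build local PR button
 def buildResultId = "buildResult" + pr.number;
 form(method: "post", action: "build",
-onsubmit: "return callFeature(this, ${buildResultId}, {'prNumber' : '${pr.number}' })",
-style: "float: left; ") {
+style: "float: left; ",
+class: "callFeature no-json",
+'data-answerPlaceId': buildResultId,
+'data-parameters': """{"prNumber" : "${pr.number}" }""") {
 f.submit(value: _("Build"))
 div(id: buildResultId) // some text from responce
 }
@@ -78,8 +82,10 @@ l.layout(title: "GitHub Pull Request Status") {
 if (builds != null && !builds.isEmpty()) {
 def rebuildId = "rebuildResult" + pr.number;
 form(method: "post", action: "rebuild",
-onsubmit: "return callFeature(this, ${rebuildId}, {'prNumber' : ${pr.number} })",
-style: "float: right; margin-right: 100px") {
+style: "float: right; margin-right: 100px",
+class: "callFeature no-json",
+'data-answerPlaceId': rebuildId,
+'data-parameters': """{"prNumber" : "${pr.number}" }""") {
 f.submit(value: _("Rebuild last build"))
 div(id: rebuildId)
 }
@@ -97,17 +103,20 @@ l.layout(title: "GitHub Pull Request Status") {
 form(method: "post",
 name: "rebuildAllFailed",
 action: "rebuildAllFailed",
-onsubmit: "return callFeature(this, ${rebuildAllFailedId})",
-style: "float: right; margin-right: 100px") {
+style: "float: right; margin-right: 100px",
+class: "callFeature no-json",
+'data-answerPlaceId': rebuildAllFailedId,
+'data-parameters': "{}") {
 f.submit(value: _("Rebuild all failed builds"))
 div(id: rebuildAllFailedId)
 }
 }
 
 if (h.hasPermission(my.job, Item.DELETE)) {
 def clearRepoId = "clearRepoResult";
-form(method: "post", action: "clearRepo", onsubmit: "return callFeature(this, ${clearRepoId})",
-style: "float: left") {
+form(method: "post", action: "clearRepo",
+style: "float: left", class: "callFeature no-json",
+'data-answerPlaceId': clearRepoId, 'data-parameters': "{}") {
 f.submit(value: _("Remove all repo data"))
 div(id: clearRepoId)
 }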

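--- a/github-pullrequest-plugin/src/main/webapp/scripts/featureButton.js
+++ b/github-pullrequest-plugin/src/main/webapp/scripts/featureButton.js
@@ -10,6 +10,17 @@ function callFeature(button, answerPlaceId, parameters) {
 answerPlaceId.innerHTML = responseText;
 });
 });
-return false;
 }
 
+document.addEventListener('DOMContentLoaded', function() {
+document.querySelectorAll('form.callFeature').forEach(function (form) {
+form.onsubmit = (evt) => {
+evt.preventDefault();
+let parameters = JSON.parse(form.dataset.parameters);
+let answerPlaceId = form.dataset.answerPlaceId;
+let self = form;
+
+callFeature(self, answerPlaceId, parameters);
+};
+});
+});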
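Review bot: `callFeature` still assigns `answerPlaceId.innerHTML` (the context line above the new handler), but the handler now passes `form.dataset.answerPlaceId`, a string at best, where the removed inline handlers passed the element itself, so the response would no longer be rendered. The key is also likely undefined: an HTML parser lowercases `data-answerPlaceId` to `data-answerplaceid`, while `dataset.answerPlaceId` maps to `data-answer-place-id`. Renaming the attribute to `'data-answer-place-id'` in both Groovy views and calling `callFeature(form, document.getElementById(form.dataset.answerPlaceId), parameters);` would restore the previous behaviour. `JSON.parse` also runs after `evt.preventDefault()` with no guard, so a malformed `data-parameters` value leaves the button silently dead; a `try`/`catch` that reports the failure would make that visible. The body of `callFeature` starts outside the hunk.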
