├── .git-blame-ignore-revs
├── .github
├── CODEOWNERS
├── dependabot.yml
└── workflows
│ ├── auto-merge-safe-deps.yml
│ ├── close-bom-if-passing.yml
│ ├── cd.yaml
│ └── jenkins-security-scan.yml
├── .mvn
├── maven.config
└── extensions.xml
├── docs
└── images
│ ├── safeHtml.png
│ └── sanitized.png
├── src
├── test
│ ├── resources
│ │ └── hudson
│ │ │ └── markup
│ │ │ └── configuration-as-code.yaml
│ └── java
│ │ └── hudson
│ │ └── markup
│ │ ├── JCasCCompatibilityTest.java
│ │ └── BasicPolicyTest.java
└── main
│ ├── resources
│ ├── hudson
│ │ └── markup
│ │ │ └── RawHtmlMarkupFormatter
│ │ │ ├── config_lv.properties
│ │ │ ├── config_lt.properties
│ │ │ ├── config_sk.properties
│ │ │ ├── config_de.properties
│ │ │ ├── config.properties
│ │ │ ├── config_fi.properties
│ │ │ ├── config_it.properties
│ │ │ ├── config_pt_PT.properties
│ │ │ ├── config_pl.properties
│ │ │ ├── config_cs.properties
│ │ │ ├── config_hu.properties
│ │ │ ├── config.jelly
│ │ │ ├── config_ko.properties
│ │ │ ├── config_ja.properties
│ │ │ ├── config_bg.properties
│ │ │ ├── config_hi_IN.properties
│ │ │ ├── config_uk.properties
│ │ │ ├── config_da.properties
│ │ │ ├── config_nl.properties
│ │ │ ├── config_nb_NO.properties
│ │ │ ├── config_fr.properties
│ │ │ ├── config_es.properties
│ │ │ ├── config_pt_BR.properties
│ │ │ ├── config_sv_SE.properties
│ │ │ ├── config_zh_CN.properties
│ │ │ ├── config_zh_TW.properties
│ │ │ └── config_ru.properties
│ └── index.jelly
│ └── java
│ └── hudson
│ └── markup
│ ├── BasicPolicy.java
│ └── RawHtmlMarkupFormatter.java
├── .gitignore
├── Jenkinsfile
├── CHANGELOG.md
├── README.adoc
└── pom.xml
/.git-blame-ignore-revs:
--------------------------------------------------------------------------------
1 | # Spotless
2 | ffe6a97fd88ae174853c40bee385d89994a325fb
3 |
--------------------------------------------------------------------------------
/.github/CODEOWNERS:
--------------------------------------------------------------------------------
1 | * @jenkinsci/antisamy-markup-formatter-plugin-developers
2 |
--------------------------------------------------------------------------------
/.mvn/maven.config:
--------------------------------------------------------------------------------
1 | -Pconsume-incrementals
2 | -Pmight-produce-incrementals
3 | -Dchangelist.format=%d.v%s
4 |
--------------------------------------------------------------------------------
/docs/images/safeHtml.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jenkinsci/antisamy-markup-formatter-plugin/master/docs/images/safeHtml.png
--------------------------------------------------------------------------------
/docs/images/sanitized.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jenkinsci/antisamy-markup-formatter-plugin/master/docs/images/sanitized.png
--------------------------------------------------------------------------------
/src/test/resources/hudson/markup/configuration-as-code.yaml:
--------------------------------------------------------------------------------
# Test fixture: selects the rawHtml markup formatter and turns its
# disableSyntaxHighlighting option on.
# NOTE(review): presumably loaded by JCasCCompatibilityTest, which sits in the
# matching test package - the loading code is not visible in this file.
jenkins:
  markupFormatter:
    rawHtml:
      disableSyntaxHighlighting: true
5 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lv.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | disableSyntaxHighlighting=Atsp\u0113jot sintakses izgaismo\u0161anu
4 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /target/
2 | /work/
3 |
4 | # IntelliJ project files
5 | *.iml
6 | *.iws
7 | *.ipr
8 | .idea
9 | out
10 |
11 | # Eclipse project files
12 | /.settings/
13 | /.classpath
14 | /.project
15 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lt.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | disableSyntaxHighlighting=I\u0161jungti spalvinim\u0105 pagal sintaks\u0119
4 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sk.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | disableSyntaxHighlighting=Zak\u00E1\u017E syntaktick\u00E9 zv\u00FDraz\u0148ovanie
4 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_de.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jenkinsci/antisamy-markup-formatter-plugin/master/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_de.properties
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
# Dependabot version-update configuration: one entry for the Maven build and
# one for the GitHub Actions workflows, both rooted at the repository top level.
# NOTE(review): the monthly interval below governs routine version updates;
# Dependabot security updates are switched on in the repository settings rather
# than in this file - confirm they are enabled.
version: 2
updates:
  - package-ecosystem: "maven"
    directory: "/"
    schedule:
      interval: "monthly"
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "monthly"
11 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config.properties:
--------------------------------------------------------------------------------
1 | blurb=Treats the text as HTML and sanitizes it, removing potentially unsafe elements like <script>.
2 | disableSyntaxHighlighting=Disable syntax highlighting
3 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fi.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | blurb=K\u00E4sittele teksti\u00E4 HTML:n\u00E4 ja k\u00E4yt\u00E4 sit\u00E4 sellaisenaan ilman k\u00E4\u00E4nn\u00F6st\u00E4
4 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_it.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | blurb=tratta il testo come HTML e usalo senza intepretarlo
4 | disableSyntaxHighlighting=Disabilita il syntax highlighting
5 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_PT.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | blurb=Tratar o texto como HTML e usar sem qualquer transla\u00E7\u00E3o
4 | disableSyntaxHighlighting=Desactivar destaque de sintaxe.
5 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pl.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | blurb=Uznaj tekst za HTML i u\u017Cyj go bez jakiegokolwiek t\u0142umaczenia
4 | disableSyntaxHighlighting=Wy\u0142\u0105cz wyr\u00F3\u017Cnianie sk\u0142adni
5 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_cs.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | blurb=Br\u00E1t text jako HTML a pou\u017E\u00EDt ho bez jak\u00E9hokoliv p\u0159ekladu
4 | disableSyntaxHighlighting=Zru\u0161it zv\u00FDraz\u0148ov\u00E1n\u00ED syntaxe
5 |
--------------------------------------------------------------------------------
/src/main/resources/index.jelly:
--------------------------------------------------------------------------------
1 |
2 |
3 | Uses the OWASP Java HTML Sanitizer
4 | to allow safe-seeming HTML markup to be entered in project descriptions and the like.
5 |
6 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hu.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | blurb=A sz\u00F6veg kezel\u00E9se HTML-k\u00E9nt \u00E9s felhaszn\u00E1l\u00E1sa ford\u00EDt\u00E1s n\u00E9lk\u00FCl
4 | disableSyntaxHighlighting=Szintaxis kiemel\u00E9s tilt\u00E1sa
5 |
--------------------------------------------------------------------------------
/.github/workflows/auto-merge-safe-deps.yml:
--------------------------------------------------------------------------------
# Approves and merges dependency-update pull requests by delegating to the
# shared jenkins-infra reusable workflow.
name: Automatically approve and merge safe dependency updates

# pull_request_target runs in the context of the base repository, so the job
# gets the write-scoped token declared below even for pull requests opened from
# forks.
# NOTE(review): the checks that decide which updates count as "safe" live in the
# called workflow, which is not visible here - confirm it never checks out or
# executes code from the pull request.
on: [pull_request_target]

permissions:
  contents: write        # presumably needed to merge - confirm against the called workflow
  pull-requests: write   # presumably needed to approve - confirm against the called workflow

jobs:
  auto-merge-safe-deps:
    # Referenced by the tag v1 rather than a commit SHA, so what runs here
    # follows whatever that tag points to in jenkins-infra/github-reusable-workflows.
    uses: jenkins-infra/github-reusable-workflows/.github/workflows/auto-merge-safe-deps.yml@v1
10 |
--------------------------------------------------------------------------------
/.github/workflows/close-bom-if-passing.yml:
--------------------------------------------------------------------------------
# Delegates to the shared jenkins-infra reusable workflow whenever a check run
# on this repository completes.
name: Close BOM update PR if passing

on:
  check_run:
    types: [completed]

# Read-only on repository contents; write access is limited to pull requests.
permissions:
  contents: read
  pull-requests: write

jobs:
  close-bom-if-passing:
    # Referenced by the tag v1 rather than a commit SHA, so what runs here
    # follows whatever that tag points to in jenkins-infra/github-reusable-workflows.
    uses: jenkins-infra/github-reusable-workflows/.github/workflows/close-bom-if-passing.yml@v1
12 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config.jelly:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | ${%blurb}
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ko.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | blurb=\uD14D\uC2A4\uD2B8\uB97C HTML\uB85C \uB2E4\uB8E8\uACE0 \uBC88\uC5ED\uD558\uC9C0 \uC54A\uACE0 \uADF8\uB300\uB85C \uC0AC\uC6A9\uD569\uB2C8\uB2E4.
4 | disableSyntaxHighlighting=\uBB38\uBC95 \uD558\uC774\uB77C\uC774\uD305 \uBE44\uD65C\uC131\uD654
5 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ja.properties:
--------------------------------------------------------------------------------
1 | blurb=\u30c6\u30ad\u30b9\u30c8\u3092HTML\u3068\u3057\u3066\u6271\u3044\u3001\u5909\u66f4\u3059\u308b\u3053\u3068\u306a\u304f\u305d\u306e\u307e\u307e\u4f7f\u7528\u3057\u307e\u3059\u3002
2 | disableSyntaxHighlighting=\u30b7\u30f3\u30bf\u30c3\u30af\u30b9\u30cf\u30a4\u30e9\u30a4\u30c8\u3092\u7121\u52b9\u306b\u3059\u308b
--------------------------------------------------------------------------------
/.mvn/extensions.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | io.jenkins.tools.incrementals
4 | git-changelist-maven-extension
5 | 1.13
6 |
7 |
8 |
--------------------------------------------------------------------------------
/.github/workflows/cd.yaml:
--------------------------------------------------------------------------------
# Note: additional setup is required, see https://www.jenkins.io/redirect/continuous-delivery-of-plugins
#
# Release workflow: hands the Maven deployment credentials to the shared
# jenkins-infra maven-cd reusable workflow.
# NOTE(review): this file declares no `permissions:` block, so the GITHUB_TOKEN
# scopes come from the repository or organisation defaults - confirm those
# defaults are as narrow as the release job allows.

name: cd

on:
  workflow_dispatch:
  check_run:
    types: [completed]

jobs:
  maven-cd:
    # Referenced by the tag v1 rather than a commit SHA; the two secrets below
    # are passed to whatever revision that tag currently points to.
    uses: jenkins-infra/github-reusable-workflows/.github/workflows/maven-cd.yml@v1
    secrets:
      MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
      MAVEN_TOKEN: ${{ secrets.MAVEN_TOKEN }}
16 |
--------------------------------------------------------------------------------
/Jenkinsfile:
--------------------------------------------------------------------------------
1 | /*
2 | See the documentation for more options:
3 |
4 | https://github.com/jenkins-infra/pipeline-library/
5 |
6 | */
// Platform / JDK combinations the plugin is built and tested on.
def buildMatrix = [
    [platform: 'linux', jdk: 25],
    [platform: 'windows', jdk: 21],
]

buildPlugin(
    // Number of tests to run in parallel for faster feedback; a value ending
    // in 'C' is multiplied by the number of available CPU cores.
    forkCount: '1C',
    // Set to `false` if you need to use Docker for containerized tests.
    useContainerAgent: true,
    configurations: buildMatrix)
14 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_bg.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | blurb=\u0421\u0447\u0438\u0442\u0430\u0439 \u0442\u0435\u043A\u0441\u0442\u0430 \u0437\u0430 HTML \u0438 \u0433\u043E \u043F\u0440\u0438\u0435\u043C\u0438 \u0431\u0435\u0437 \u043F\u0440\u0435\u0432\u043E\u0434
4 | disableSyntaxHighlighting=\u0418\u0437\u043A\u043B\u044E\u0447\u0432\u0430\u043D\u0435 \u043D\u0430 \u043E\u0446\u0432\u0435\u0442\u044F\u0432\u0430\u043D\u0435 \u043D\u0430 \u0441\u0438\u043D\u0442\u0430\u043A\u0441\u0438\u0441\u0430
5 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hi_IN.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | blurb=\u092A\u093E\u0920 \u0915\u094B HTML \u0915\u0947 \u0930\u0942\u092A \u092E\u0947\u0902 \u0926\u0947\u0916\u093F\u090F \u0914\u0930 \u0907\u0938\u0915\u093E \u0909\u092A\u092F\u094B\u0917 \u0915\u093F\u0938\u0940 \u092D\u0940 \u0905\u0928\u0941\u0935\u093E\u0926 \u0915\u0947 \u092C\u093F\u0928\u093E \u0915\u0930\u0947\u0902
4 | disableSyntaxHighlighting=\u0935\u093E\u0915\u094D\u092F \u0930\u091A\u0928\u093E \u0938\u0947 \u092A\u094D\u0930\u0915\u093E\u0936 \u0939\u091F\u093E\u092F\u0947\u0902
5 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_uk.properties:
--------------------------------------------------------------------------------
1 | # This file is under the MIT License by authors
2 |
3 | blurb=\u0421\u043F\u0440\u0438\u0439\u043C\u0430\u0442\u0438 \u0442\u0435\u043A\u0441\u0442 \u044F\u043A HTML \u0456 \u0432\u0438\u043A\u043E\u0440\u0438\u0441\u0442\u043E\u0432\u0443\u0432\u0430\u0442\u0438 \u0439\u043E\u0433\u043E "\u044F\u043A \u0454" \u0431\u0435\u0437 \u0436\u043E\u0434\u043D\u043E\u0433\u043E \u043F\u0435\u0440\u0435\u043A\u043B\u0430\u0434\u0443
4 | disableSyntaxHighlighting=\u0412\u0438\u043C\u043A\u043D\u0443\u0442\u0438 \u043F\u0456\u0434\u0441\u0432\u0456\u0442\u043A\u0443 \u0441\u0438\u043D\u0442\u0430\u043A\u0441\u0438\u0441\u0443
5 |
--------------------------------------------------------------------------------
/.github/workflows/jenkins-security-scan.yml:
--------------------------------------------------------------------------------
# Runs the shared Jenkins security scan on pushes to master, on pull requests
# and on manual dispatch.
name: Jenkins Security Scan

on:
  push:
    branches: [master]
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
  workflow_dispatch:

# Only security-events is writable; presumably that is what lets the scan
# publish its findings - confirm against the called workflow.
permissions:
  security-events: write
  contents: read
  actions: read

jobs:
  security-scan:
    # Referenced by the tag v2 rather than a commit SHA, so what runs here
    # follows whatever that tag points to in jenkins-infra/jenkins-security-scan.
    uses: jenkins-infra/jenkins-security-scan/.github/workflows/jenkins-security-scan.yaml@v2
    with:
      # Optionally enable use of a build dependency cache. Specify 'maven' or 'gradle' as appropriate.
      java-cache: 'maven'
      # Optionally specify what version of Java to set up for the build, or remove to use a recent default.
      # java-version: 21
22 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ## Changelog
2 |
3 | ### Version 1.6 and later
4 |
5 | See [GitHub
6 | releases](https://github.com/jenkinsci/antisamy-markup-formatter-plugin/releases)
7 |
8 | ### Version 1.5 (June 8, 2016)
9 |
10 | - [JENKINS-31616](https://issues.jenkins-ci.org/browse/JENKINS-31616)
11 | "Safe HTML" vulnerable to protocol-relative form action – Thank you
12 | Daniel Beck.
13 |
14 | ### Version 1.4 (Unknown) – Bad release
15 |
16 | ### Version 1.3 (Oct 30, 2014)
17 |
18 | - Minor translation fixes.
19 |
20 | ### Version 1.2 (Jun 17, 2014)
21 |
22 | - Edited display metadata to be clearer that this is not “raw HTML”.
23 |
24 | ### Version 1.1 (Apr 14, 2014)
25 |
26 | - Just updated to require 1.553.
27 |
28 | ### Version 1.0 beta 1 (Feb 17, 2014)
29 |
30 | - Split out from Jenkins core (1.553).
31 |
--------------------------------------------------------------------------------
/src/test/java/hudson/markup/JCasCCompatibilityTest.java:
--------------------------------------------------------------------------------
1 | package hudson.markup;
2 |
3 | import io.jenkins.plugins.casc.misc.RoundTripAbstractTest;
4 | import jenkins.model.Jenkins;
5 | import org.junit.Assert;
6 | import org.jvnet.hudson.test.RestartableJenkinsRule;
7 |
/**
 * Configuration-as-Code round-trip check for the Safe HTML markup formatter.
 *
 * <p>NOTE(review): the YAML that drives the round trip is chosen by
 * {@link RoundTripAbstractTest}, which is not visible here; presumably it is the
 * {@code configuration-as-code.yaml} resource in the matching test package.
 */
public class JCasCCompatibilityTest extends RoundTripAbstractTest {

    /**
     * Verifies that the controller's active markup formatter is a
     * {@link RawHtmlMarkupFormatter} once the configuration has been applied.
     *
     * @param restartableJenkinsRule rule giving access to the running Jenkins instance
     * @param s unused by this check
     */
    @Override
    protected void assertConfiguredAsExpected(RestartableJenkinsRule restartableJenkinsRule, String s) {
        final Jenkins controller = restartableJenkinsRule.j.jenkins;
        final boolean safeHtmlActive = controller.getMarkupFormatter() instanceof RawHtmlMarkupFormatter;

        Assert.assertTrue("Safe HTML markup formatter should be configured", safeHtmlActive);
    }

    /**
     * @return the log line reporting that {@code disableSyntaxHighlighting} was set to
     *     {@code true} on {@link RawHtmlMarkupFormatter}
     */
    @Override
    protected String stringInLogExpected() {
        final String expectedLogLine =
                "Setting class hudson.markup.RawHtmlMarkupFormatter.disableSyntaxHighlighting = true";
        return expectedLogLine;
    }
}
24 |
--------------------------------------------------------------------------------
/src/main/java/hudson/markup/BasicPolicy.java:
--------------------------------------------------------------------------------
1 | package hudson.markup;
2 |
3 | import org.kohsuke.accmod.Restricted;
4 | import org.kohsuke.accmod.restrictions.NoExternalUse;
5 | import org.owasp.html.HtmlPolicyBuilder;
6 | import org.owasp.html.PolicyFactory;
7 | import org.owasp.html.Sanitizers;
8 |
/**
 * HTML sanitization policy definitions for the {@code hudson.markup} package.
 *
 * <p>Everything here is an allow-list built with the OWASP Java HTML Sanitizer:
 * {@link #POLICY_DEFINITION} is the union of six prepackaged {@link Sanitizers}
 * policies and the two plugin-specific factories declared in this class.
 *
 * <p>NOTE(review): which formatter applies this policy is not visible in this file;
 * presumably {@code RawHtmlMarkupFormatter} - confirm against that class.
 */
public class BasicPolicy {

    /** Element names that {@link #ADDITIONS} allows on top of the prepackaged policies. */
    private static final String[] EXTRA_ELEMENTS = {"dl", "dt", "dd", "hr", "pre"};

    /** Allows the definition-list elements plus {@code hr} and {@code pre}; no attributes are added. */
    @Restricted(NoExternalUse.class)
    public static final PolicyFactory ADDITIONS =
            new HtmlPolicyBuilder()
                    .allowElements(EXTRA_ELEMENTS)
                    .toFactory();

    /**
     * Allows {@code target} on {@code a} elements, restricted to the value {@code _blank}
     * (the {@code false} argument to {@code matching} makes the comparison case-sensitive),
     * and requires the {@code noopener} and {@code noreferrer} rel values on links.
     *
     * <p>Those rel values keep a page opened in a new tab from reaching back to the
     * Jenkins page through {@code window.opener} and from receiving the referrer, so
     * they should stay paired with the {@code target} allowance.
     */
    @Restricted(NoExternalUse.class)
    public static final PolicyFactory LINK_TARGETS =
            new HtmlPolicyBuilder()
                    .allowElements("a")
                    .requireRelsOnLinks("noopener", "noreferrer")
                    .allowAttributes("target")
                    .matching(false, "_blank")
                    .onElements("a")
                    .toFactory();

    /**
     * The complete policy: the prepackaged block, formatting, image, link, style and
     * table sanitizers combined with {@link #ADDITIONS} and {@link #LINK_TARGETS}.
     *
     * <p>NOTE(review): the exact elements, attributes and URL schemes behind each
     * {@link Sanitizers} constant are defined by the sanitizer library, not here, so
     * re-check them when that dependency is upgraded. {@code IMAGES} and {@code STYLES}
     * presumably let authors embed remote images and inline CSS - confirm that is
     * acceptable everywhere formatted text is displayed.
     */
    public static final PolicyFactory POLICY_DEFINITION =
            Sanitizers.BLOCKS
                    .and(Sanitizers.FORMATTING)
                    .and(Sanitizers.IMAGES)
                    .and(Sanitizers.LINKS)
                    .and(Sanitizers.STYLES)
                    .and(Sanitizers.TABLES)
                    .and(ADDITIONS)
                    .and(LINK_TARGETS);

    /** Not instantiable: this class only holds the policy constants. */
    private BasicPolicy() {
        // hidden
    }
}
37 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_da.properties:
--------------------------------------------------------------------------------
1 | # The MIT License
2 | #
3 | # Copyright (c) 2004-2010, Sun Microsystems, Inc.
4 | #
5 | # Permission is hereby granted, free of charge, to any person obtaining a copy
6 | # of this software and associated documentation files (the "Software"), to deal
7 | # in the Software without restriction, including without limitation the rights
8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | # copies of the Software, and to permit persons to whom the Software is
10 | # furnished to do so, subject to the following conditions:
11 | #
12 | # The above copyright notice and this permission notice shall be included in
13 | # all copies or substantial portions of the Software.
14 | #
15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | # THE SOFTWARE.
22 |
23 | disableSyntaxHighlighting=Sl\u00E5 syntaks markering fra
24 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nl.properties:
--------------------------------------------------------------------------------
1 | # The MIT License
2 | #
3 | # Copyright (c) 2004-2010, Sun Microsystems, Inc.
4 | #
5 | # Permission is hereby granted, free of charge, to any person obtaining a copy
6 | # of this software and associated documentation files (the "Software"), to deal
7 | # in the Software without restriction, including without limitation the rights
8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | # copies of the Software, and to permit persons to whom the Software is
10 | # furnished to do so, subject to the following conditions:
11 | #
12 | # The above copyright notice and this permission notice shall be included in
13 | # all copies or substantial portions of the Software.
14 | #
15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | # THE SOFTWARE.
22 |
23 | blurb=Gebruik deze tekst als HTML zonder vertaling
24 | disableSyntaxHighlighting=Syntaxnadruk uitschakelen
25 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nb_NO.properties:
--------------------------------------------------------------------------------
1 | # The MIT License
2 | #
3 | # Copyright (c) 2004-2010, Sun Microsystems, Inc.
4 | #
5 | # Permission is hereby granted, free of charge, to any person obtaining a copy
6 | # of this software and associated documentation files (the "Software"), to deal
7 | # in the Software without restriction, including without limitation the rights
8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | # copies of the Software, and to permit persons to whom the Software is
10 | # furnished to do so, subject to the following conditions:
11 | #
12 | # The above copyright notice and this permission notice shall be included in
13 | # all copies or substantial portions of the Software.
14 | #
15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | # THE SOFTWARE.
22 |
23 | blurb=Behandle teksten som HTML og bruk den uten oversettelse
24 | disableSyntaxHighlighting=Skru av syntaksmarkering
25 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fr.properties:
--------------------------------------------------------------------------------
1 | # The MIT License
2 | #
3 | # Copyright (c) 2004-2010, Sun Microsystems, Inc.
4 | #
5 | # Permission is hereby granted, free of charge, to any person obtaining a copy
6 | # of this software and associated documentation files (the "Software"), to deal
7 | # in the Software without restriction, including without limitation the rights
8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | # copies of the Software, and to permit persons to whom the Software is
10 | # furnished to do so, subject to the following conditions:
11 | #
12 | # The above copyright notice and this permission notice shall be included in
13 | # all copies or substantial portions of the Software.
14 | #
15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | # THE SOFTWARE.
22 |
23 | blurb=Consid\u00E9rer le texte comme du HTML et l''utiliser sans le traduire
24 | disableSyntaxHighlighting=D\u00E9sactiver la coloration syntaxique
25 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_es.properties:
--------------------------------------------------------------------------------
1 | # The MIT License
2 | #
3 | # Copyright (c) 2004-, Kohsuke Kawaguchi, Sun Microsystems, Inc., and a number of other of contributers
4 | #
5 | # Permission is hereby granted, free of charge, to any person obtaining a copy
6 | # of this software and associated documentation files (the "Software"), to deal
7 | # in the Software without restriction, including without limitation the rights
8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | # copies of the Software, and to permit persons to whom the Software is
10 | # furnished to do so, subject to the following conditions:
11 | #
12 | # The above copyright notice and this permission notice shall be included in
13 | # all copies or substantial portions of the Software.
14 | #
15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | # THE SOFTWARE.
22 |
23 | blurb=Utiliza el texto como HTML
24 | disableSyntaxHighlighting=Deshabilitar coloreado de sintaxis.
25 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_BR.properties:
--------------------------------------------------------------------------------
1 | # The MIT License
2 | #
3 | # Copyright (c) 2004-2010, Sun Microsystems, Inc.
4 | #
5 | # Permission is hereby granted, free of charge, to any person obtaining a copy
6 | # of this software and associated documentation files (the "Software"), to deal
7 | # in the Software without restriction, including without limitation the rights
8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | # copies of the Software, and to permit persons to whom the Software is
10 | # furnished to do so, subject to the following conditions:
11 | #
12 | # The above copyright notice and this permission notice shall be included in
13 | # all copies or substantial portions of the Software.
14 | #
15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | # THE SOFTWARE.
22 |
23 | blurb=Tratar o texto como HTML e us\u00E1-lo como \u00E9, sem qualquer tradu\u00E7\u00E3o
24 | disableSyntaxHighlighting=Desabilitar destaque de sintaxe
25 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sv_SE.properties:
--------------------------------------------------------------------------------
1 | # The MIT License
2 | #
3 | # Copyright (c) 2004-2010, Sun Microsystems, Inc.
4 | #
5 | # Permission is hereby granted, free of charge, to any person obtaining a copy
6 | # of this software and associated documentation files (the "Software"), to deal
7 | # in the Software without restriction, including without limitation the rights
8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | # copies of the Software, and to permit persons to whom the Software is
10 | # furnished to do so, subject to the following conditions:
11 | #
12 | # The above copyright notice and this permission notice shall be included in
13 | # all copies or substantial portions of the Software.
14 | #
15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | # THE SOFTWARE.
22 |
23 | blurb=Behandla texten som HTML och anv\u00E4nd den som den \u00E4r, utan att \u00F6vers\u00E4tta den
24 | disableSyntaxHighlighting=Inaktivera syntaxmarkering
25 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_CN.properties:
--------------------------------------------------------------------------------
1 | # The MIT License
2 | #
3 | # Copyright (c) 2004-2010, Sun Microsystems, Inc.
4 | #
5 | # Permission is hereby granted, free of charge, to any person obtaining a copy
6 | # of this software and associated documentation files (the "Software"), to deal
7 | # in the Software without restriction, including without limitation the rights
8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | # copies of the Software, and to permit persons to whom the Software is
10 | # furnished to do so, subject to the following conditions:
11 | #
12 | # The above copyright notice and this permission notice shall be included in
13 | # all copies or substantial portions of the Software.
14 | #
15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | # THE SOFTWARE.
22 |
   | # NOTE(review): blurb decodes to roughly "treat the text as HTML, without any translation".
   | # The README describes this formatter as sanitizing HTML; confirm whether this string is still displayed
   | # and whether it should mention sanitization.
23 | blurb=\u5C06\u6587\u672C\u4F5C\u4E3A HTML \u5E76\u4E14\u4E0D\u52A0\u4EFB\u4F55\u7FFB\u8BD1
   | # Label text decodes to "disable syntax highlighting".
24 | disableSyntaxHighlighting=\u7981\u7528\u8BED\u6CD5\u9AD8\u4EAE
25 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_TW.properties:
--------------------------------------------------------------------------------
1 | # The MIT License
2 | #
3 | # Copyright (c) 2004-2010, Sun Microsystems, Inc.
4 | #
5 | # Permission is hereby granted, free of charge, to any person obtaining a copy
6 | # of this software and associated documentation files (the "Software"), to deal
7 | # in the Software without restriction, including without limitation the rights
8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | # copies of the Software, and to permit persons to whom the Software is
10 | # furnished to do so, subject to the following conditions:
11 | #
12 | # The above copyright notice and this permission notice shall be included in
13 | # all copies or substantial portions of the Software.
14 | #
15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | # THE SOFTWARE.
22 |
   | # NOTE(review): blurb decodes to roughly "treat this text as HTML and display it in its original form".
   | # The README describes this formatter as sanitizing HTML; confirm whether this string is still displayed
   | # and whether it should mention sanitization.
23 | blurb=\u5C07\u9019\u4E9B\u6587\u5B57\u8996\u70BA HTML\uFF0C\u539F\u6C41\u539F\u5473\u7684\u986F\u793A\u51FA\u4F86
   | # Label text decodes to roughly "turn off syntax coloring".
24 | disableSyntaxHighlighting=\u95DC\u9589\u8A9E\u6CD5\u5F69\u8272\u6A19\u793A
25 |
--------------------------------------------------------------------------------
/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ru.properties:
--------------------------------------------------------------------------------
1 | # The MIT License
2 | #
3 | # Copyright (c) 2004-2010, Sun Microsystems, Inc.
4 | #
5 | # Permission is hereby granted, free of charge, to any person obtaining a copy
6 | # of this software and associated documentation files (the "Software"), to deal
7 | # in the Software without restriction, including without limitation the rights
8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | # copies of the Software, and to permit persons to whom the Software is
10 | # furnished to do so, subject to the following conditions:
11 | #
12 | # The above copyright notice and this permission notice shall be included in
13 | # all copies or substantial portions of the Software.
14 | #
15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | # THE SOFTWARE.
22 |
   | # NOTE(review): blurb decodes to roughly "treat the text as HTML and use it 'as is', without any processing".
   | # The README describes this formatter as sanitizing HTML; confirm whether this string is still displayed
   | # and whether "without any processing" should be replaced by wording that mentions sanitization.
23 | blurb=\u0422\u0440\u0430\u043A\u0442\u043E\u0432\u0430\u0442\u044C \u0442\u0435\u043A\u0441\u0442 \u043A\u0430\u043A HTML \u0438 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C \u0435\u0433\u043E "\u043A\u0430\u043A \u0435\u0441\u0442\u044C", \u0431\u0435\u0437 \u043A\u0430\u043A\u043E\u0439-\u043B\u0438\u0431\u043E \u043E\u0431\u0440\u0430\u0431\u043E\u0442\u043A\u0438
   | # Label text decodes to "turn off syntax highlighting".
24 | disableSyntaxHighlighting=\u0412\u044B\u043A\u043B\u044E\u0447\u0438\u0442\u044C \u043F\u043E\u0434\u0441\u0432\u0435\u0442\u043A\u0443 \u0441\u0438\u043D\u0442\u0430\u043A\u0441\u0438\u0441\u0430
25 |
--------------------------------------------------------------------------------
/README.adoc:
--------------------------------------------------------------------------------
1 | = OWASP Markup Formatter Plugin
2 |
3 | This plugin is also known as "Safe HTML" Plugin and `antisamy-markup-formatter`.
4 |
5 | [NOTE]
6 | **The plugin manager contains a slightly misleading warning:**
7 | While there is no "different settings format", OWASP Markup Formatter Plugin 2.0 reduced the set of allowed elements.
8 | Previously defined descriptions may no longer look the same.
9 | The plugin can be freely upgraded to 2.0 or downgraded again to 1.8, if necessary.
10 |
11 | == About
12 |
13 | This plugin allows formatting descriptions of jobs, builds, views, etc. in Jenkins using a safe subset of HTML.
14 |
15 | This plugin sanitizes HTML sources using the https://github.com/owasp/java-html-sanitizer[OWASP Java HTML Sanitizer] and a basic policy allowing limited HTML markup in user-submitted text.
16 |
17 | Learn more:
18 | https://jenkins.io/doc/book/managing/security/#markup-formatter[Markup Formatter configuration in the Jenkins handbook]
19 |
20 |
21 | == Installation
22 |
23 | This plugin is usually installed because it's a _suggested_ plugin in the setup wizard;
24 | administrators installing the default set of plugins will also install this plugin that way.
25 |
26 | It is also bundled in the `jenkins.war` and will be automatically installed as a dependency of plugins with very old (1.553 or older) Jenkins core dependencies.
27 |
28 |
29 | == Configuration
30 |
31 | Once the plugin is installed, go to _Manage Jenkins → Configure Global Security → Markup Formatter_.
32 | Select _Safe HTML_ for the _Markup Formatter_ option.
33 |
34 | User-submitted text, like build, job, and view descriptions, will then support HTML formatting, but will be sanitized: only the limited markup allowed by the plugin's policy is kept, and potentially dangerous elements are removed.
35 |
36 |
37 | == About Internal Names
38 |
39 | Both the file name `antisamy-markup-formatter.hpi` and the class name `RawHtmlMarkupFormatter` are misleading:
40 | Neither describes the current behavior of the plugin (HTML is sanitized with the OWASP Java HTML Sanitizer, not emitted raw); both names are used for historical reasons only.
41 |
--------------------------------------------------------------------------------
/src/main/java/hudson/markup/RawHtmlMarkupFormatter.java:
--------------------------------------------------------------------------------
1 | package hudson.markup;
2 |
3 | import edu.umd.cs.findbugs.annotations.NonNull;
4 | import hudson.Extension;
5 | import java.io.IOException;
6 | import java.io.Writer;
7 | import org.kohsuke.stapler.DataBoundConstructor;
8 | import org.owasp.html.Handler;
9 | import org.owasp.html.HtmlSanitizer;
10 | import org.owasp.html.HtmlStreamRenderer;
11 |
12 | /**
13 | * {@link MarkupFormatter} that sanitizes HTML, allowing some safe (formatting) HTML.
14 | *