Fixed support of the HTML tags in the description of parameters

[jiri-meluzin]

Previously description shows HTML tags instead of rendered them as HTML.

As-is

To-Be

The Input plugin itself uses default parameter rendering so it renders the description as HTML.

Testing done

I have extended as-is unit test with check of description so it contains the html tags.

Submitter checklist

Preview Give feedback

1. Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
2. Ensure that the pull request title represents the desired changelog entry
3. Please describe what you did
4. Link to relevant issues in GitHub or Jira
5. Link to relevant pull requests, esp. upstream and downstream changes
6. Ensure you have provided tests - that demonstrates feature works or fixes the issue

[jiri-meluzin]

Could somebody check the build? I suppose the build is somehow broken, as other pullrequests fail too and only build on windows-17 fails.

I have tried clean install of windows + jdk 17 + mvn and build succeeded. I could not reproduce the error:
[2024-05-19T13:14:52.945Z] [INFO] > parcel build --public-url ./ ./src/main/js/stageview.js --dist-dir ./src/main/webapp/jsmodules && parcel build --public-url ./ ./src/main/js/stageview_adjunct.js --dist-dir ./target/generated-adjuncts/org/jenkinsci/pipeline [2024-05-19T13:14:52.945Z] [INFO] [2024-05-19T13:14:53.555Z] [INFO] Building... [2024-05-19T13:14:54.065Z] [INFO] 🚨 Build failed. [2024-05-19T13:14:54.066Z] [INFO] [2024-05-19T13:14:54.066Z] [INFO] Error: The specified procedure could not be found. [2024-05-19T13:14:54.066Z] [INFO] \\\?\C:\Jenkins\agent\workspace\ipeline-stage-view-plugin_PR-332\ui\node_modules\@parcel\transformer-js\parcel-swc.win32-x64-msvc.node [2024-05-19T13:14:54.066Z] [INFO] [2024-05-19T13:14:54.067Z] [INFO] Error: The specified procedure could not be found. [2024-05-19T13:14:54.067Z] [INFO] \\?\C:\Jenkins\agent\workspace\ipeline-stage-view-plugin_PR-332\ui\node_modules\@parcel\transformer-js\parcel-swc.win32-x64-msvc.node [2024-05-19T13:14:54.067Z] [INFO] Error: The specified procedure could not be found. [2024-05-19T13:14:54.067Z] [INFO] at Module._extensions..node (node:internal/modules/cjs/loader:1204:18) [2024-05-19T13:14:54.067Z] [INFO] at Module.load (node:internal/modules/cjs/loader:998:32) [2024-05-19T13:14:54.067Z] [INFO] at NodePackageManager.load [2024-05-19T13:14:54.067Z] [INFO] (C:\Jenkins\agent\workspace\ipeline-stage-view-plugin_PR-332\ui\node_modules\@parcel\package-manager\lib\index.js:3374:15) [2024-05-19T13:14:54.068Z] [INFO] at NodePackageManager.requireSync [2024-05-19T13:14:54.068Z] [INFO] (C:\Jenkins\agent\workspace\ipeline-stage-view-plugin_PR-332\ui\node_modules\@parcel\package-manager\lib\index.js:3352:21) [2024-05-19T13:14:54.068Z] [INFO] at m.require [2024-05-19T13:14:54.068Z] [INFO] (C:\Jenkins\agent\workspace\ipeline-stage-view-plugin_PR-332\ui\node_modules\@parcel\package-manager\lib\index.js:3365:25) [2024-05-19T13:14:54.068Z] [INFO] at require (node:internal/modules/cjs/helpers:102:18) [2024-05-19T13:14:54.068Z] [INFO] at Object.<anonymous> [2024-05-19T13:14:54.068Z] [INFO] (C:\Jenkins\agent\workspace\ipeline-stage-view-plugin_PR-332\ui\node_modules\@parcel\transformer-js\native.js:30:20) [2024-05-19T13:14:54.068Z] [INFO] at Module._compile (node:internal/modules/cjs/loader:1120:14) [2024-05-19T13:14:54.069Z] [INFO] at Module._extensions..js (node:internal/modules/cjs/loader:1174:10) [2024-05-19T13:14:54.069Z] [INFO] at Module.load (node:internal/modules/cjs/loader:998:32)

My log around the parcel build is:
[INFO] > pipeline-stage-view@0.0.1 mvnbuild [INFO] > parcel build --public-url ./ ./src/main/js/stageview.js --dist-dir ./src/main/webapp/jsmodules && parcel build --public-url ./ ./src/main/js/stageview_adjunct.js --dist-dir ./target/generated-adjuncts/org/jenkinsci/pipeline [INFO] [INFO] ÔłÜ Built in 508ms [INFO] [INFO] src\main\webapp\jsmodules\stageview.js 295.35 KB 1.63s [INFO] src\main\webapp\jsmodules\stageview.css 57.16 KB 100ms [INFO] src\main\webapp\jsmodules\glyphicons-halflings-regular.76f64001.eot 19.86 KB 44ms [INFO] src\main\webapp\jsmodules\glyphicons-halflings-regular.61249189.woff 22.77 KB 46ms [INFO] src\main\webapp\jsmodules\glyphicons-halflings-regular.1a88f5c8.ttf 40.31 KB 43ms [INFO] src\main\webapp\jsmodules\glyphicons-halflings-regular.e72c5eba.svg 52.54 KB 4.36s [INFO] src\main\webapp\jsmodules\loading.406e174f.gif 33.6 KB 45ms [INFO]

[jglick]

see #341

[jglick]

From a quick glance, this looks like it would introduce XSS vulnerabilities.

[jiri-meluzin]

you mean this change can introduce XSS?
{{description}}
to
{{{description}}}

Would you please suggest better approach?

[jglick]

you mean this change can introduce XSS?

I do not know about the source code, but the screenshots look like a standard XSS setup.

Would you please suggest better approach?

Not doing this.

Maybe solved? Not sure, no one maintains this plugin anyway.