{jenkins-plugin-info:pluginId=antisamy-markup-formatter}

Description

Uses policy definitions from the OWASP AntiSamy MySpace sanitization policy to allow limited HTML markup in user-submitted text.

The plugin is also sometimes called the "AntiSamy Markup Formatter" or the "Safe HTML Markup Formatter".

Configuration

This plugin is bundled in the Jenkins WAR file and will generally be preinstalled.

When installed, 'Safe HTML' can be selected as the Markup Formatter in "Manage Jenkins" → "Configure Global Security" → "Markup Formatter".

User-submitted text will be sanitized by removing potentially dangerous elements.

Changing or altering the policy

At least in 1.5, the "Safe HTML" plugin has no support for editing, overriding, or updating the HTML sanitization policy. A custom plugin must be built instead. See hudson.markup.RawHtmlMarkupFormatter.java.

Changelog

Version 1.5 (June 8, 2016)

  • JENKINS-31616 "Safe HTML" vulnerable to protocol-relative form action – Thank you Daniel Beck.

Version 1.4 (Unknown) – Bad release

Version 1.3 (Oct 30, 2014)

  • Minor translation fixes.

Version 1.2 (Jun 17, 2014)

  • Edited display metadata to be clearer that this is not “raw HTML”.

Version 1.1 (Apr 14, 2014)

  • Just updated to require 1.553.

Version 1.0 beta 1 (Feb 17, 2014)

  • Split out from Jenkins core (1.553).