[JENKINS-74897] Address CSP violations (#335)

yaroslavafenkin · MarkEWaite · web-flow · commit f6c805aa76a2 · 2026-01-01T09:07:40.000-07:00
* [JENKINS-74897] Extract inline handlers from `TestNGTestResultBuildAction/reportDetails.groovy` * [JENKINS-74897] Extract inline scripts from `PackageResult/reportDetail.groovy` * [JENKINS-74897] Extract inline JavaScript from `ClassResult/reportDetail.groovy` * [JENKINS-74897] Restore hrefs on `a` tags for `cursor: pointer` --------- Co-authored-by: Mark Waite <mark.earl.waite@gmail.com>
diff --git a/src/main/resources/hudson/plugins/testng/TestNGTestResultBuildAction/reportDetail.groovy b/src/main/resources/hudson/plugins/testng/TestNGTestResultBuildAction/reportDetail.groovy
@@ -8,13 +8,13 @@ l = namespace(lib.LayoutTagLib)
 t = namespace("/lib/hudson")
 st = namespace("jelly:stapler")
 
-script(src: "${app.rootUrl}/plugin/testng-plugin/js/toggle_table.js")
-script(src: "${app.rootUrl}/plugin/testng-plugin/js/toggle_mthd_summary.js")
+script(src: "${resURL}/plugin/testng-plugin/js/toggle_table.js")
+script(src: "${resURL}/plugin/testng-plugin/js/toggle_mthd_summary.js")
 
 h2("Failed Tests")
 
 if (my.result.failCount != 0) {
-    a(href: "javascript:toggleTable('fail-tbl')") {
+    a(href: "", class: "testng-toggle-table", "data-toggle-table-id": "fail-tbl") {
         text("hide/expand the table")
     }
     table(id:"fail-tbl", border:"1px", class:"pane sortable") {
@@ -34,10 +34,12 @@ if (my.result.failCount != 0) {
                 def failedTestSafeUpUrl = Functions.jsStringEscape(failedTest.upUrl)
                 tr() {
                     td(align: "left") {
-                        a(id: "${failedTest.id}-showlink", href:"javascript:showStackTrace('${failedTestSafeId}', '${failedTestSafeUpUrl}/summary')") {
+                        a(href: "", id: "${failedTest.id}-showlink", class: "testng-show-stack-trace",
+                                "data-failed-test-safe-id": "${failedTestSafeId}", "data-failed-test-safe-up-url": "${failedTestSafeUpUrl}/summary") {
                             text(">>>")
                         }
-                        a(style: "display:none", id: "${failedTest.id}-hidelink", href:"javascript:hideStackTrace('${failedTestSafeId}')") {
+                        a(href: "", style: "display:none", id: "${failedTest.id}-hidelink", class: "testng-hide-stack-trace",
+                                "data-failed-test-safe-id": "${failedTestSafeId}") {
                             text("<<<")
                         }
                         text(" ")
@@ -76,7 +78,7 @@ if (my.result.skippedConfigCount != 0) {
 
 h2("All Tests (grouped by their packages)")
 
-a(href:"javascript:toggleTable('all-tbl')") {
+a(href: "", class: "testng-toggle-table", "data-toggle-table-id": "all-tbl") {
     text("hide/expand the table")
 }
 
@@ -158,7 +160,7 @@ table(id:"all-tbl", border:"1px", class:"pane sortable") {
  * @return nothing
  */
 def printMethods(type, tableName, methodList, showMoreArrows) {
-    a(href: "javascript:toggleTable('${tableName}')") {
+    a(href: "", class: "testng-toggle-table", "data-toggle-table-id": "${tableName}") {
         text("hide/expand the table")
     }
     table(id:tableName, border:"1px", class:"pane sortable") {
@@ -176,10 +178,12 @@ def printMethods(type, tableName, methodList, showMoreArrows) {
                 tr() {
                     td(align: "left") {
                         if (showMoreArrows) {
-                            a(id: "${method.id}-showlink", href:"javascript:showStackTrace('${methodSafeId}', '${methodSafeUpUrl}/summary')") {
+                            a(href: "", id: "${method.id}-showlink", class: "testng-show-stack-trace",
+                                    "data-failed-test-safe-id": "${methodSafeId}", "data-failed-test-safe-up-url": "${methodSafeUpUrl}/summary") {
                                 text(">>>")
                             }
-                            a(style: "display:none", id: "${method.id}-hidelink", href:"javascript:hideStackTrace('${methodSafeId}')") {
+                            a(href: "", style: "display:none", id: "${method.id}-hidelink", class: "testng-hide-stack-trace",
+                                    "data-failed-test-safe-id": "${methodSafeId}") {
                                 text("<<<")
                             }
                             text(" ")
diff --git a/src/main/resources/hudson/plugins/testng/results/ClassResult/reportDetail.groovy b/src/main/resources/hudson/plugins/testng/results/ClassResult/reportDetail.groovy
@@ -53,7 +53,7 @@ for (group in my.testRunMap.values()) {
                                 if (method.groups || method.testInstanceName || method.parameters?.size() > 0) {
                                     div(id:"${method.safeName}_1", style:"display:inline") {
                                         text(" (")
-                                        a(href:"javascript:showMore(\"${methodJsSafeName}\")") {
+                                        a(href: "", class: "testng-show-more", "data-method-name": "${methodJsSafeName}") {
                                             raw("&hellip;")
                                         }
                                         text(")")
diff --git a/src/main/resources/hudson/plugins/testng/results/PackageResult/report-detail.js b/src/main/resources/hudson/plugins/testng/results/PackageResult/report-detail.js
@@ -0,0 +1,22 @@
+// Loads data for all the methods
+function showAllExecMthds() {
+    thisPkgResult.getAllSortedTestMethodsByStartTime(function (t) {
+        document.getElementById("sortedMethods").innerHTML = t.responseObject();
+    });
+    document.getElementById("showAllLink").style.display = "none";
+}
+
+document.addEventListener("DOMContentLoaded", () => {
+    // following script loads the initial table data
+    thisPkgResult.getFirstXSortedTestMethodsByStartTime(function(t) {
+        document.getElementById('sortedMethods').innerHTML = t.responseObject();
+    });
+
+    const showAllButton = document.querySelector(".testng-show-all-exec-methods");
+    if (showAllButton !== null) {
+        showAllButton.addEventListener("click", (event) => {
+            event.preventDefault();
+            showAllExecMthds();
+        });
+    }
+});
diff --git a/src/main/resources/hudson/plugins/testng/results/PackageResult/reportDetail.groovy b/src/main/resources/hudson/plugins/testng/results/PackageResult/reportDetail.groovy
@@ -7,20 +7,13 @@ l = namespace(lib.LayoutTagLib)
 t = namespace("/lib/hudson")
 st = namespace("jelly:stapler")
 
-script(src:"${app.rootUrl}/plugin/testng-plugin/js/toggle_table.js")
+script(src:"${resURL}/plugin/testng-plugin/js/toggle_table.js")
 //see https://issues.jenkins-ci.org/browse/JENKINS-18867 & https://issues.jenkins-ci.org/browse/JENKINS-18875
-st.bind(var:"thisPkgResult", value:my)
-script() {
-    text("//Loads data for all the methods")
-    text("\nfunction showAllExecMthds() {")
-    text("\nthisPkgResult.getAllSortedTestMethodsByStartTime(function(t) {")
-    text("\ndocument.getElementById('sortedMethods').innerHTML = t.responseObject();")
-    text("\n})")
-    text("\ndocument.getElementById(\"showAllLink\").style.display = \"none\"; }")
-}
+st.bind(var:"thisPkgResult", value: my)
+st.adjunct(includes: "hudson.plugins.testng.results.PackageResult.report-detail")
 
 h2("All Classes")
-a(href:"javascript:toggleTable('allClasses')") {
+a(href: "", class: "testng-toggle-table", "data-toggle-table-id": "allClasses") {
     text("hide/expand the table")
 }
 
@@ -100,13 +93,13 @@ if (my.sortedTestMethodsByStartTime) {
         div(id:"showAllLink") {
             p() {
                 text("Showing only first ${my.MAX_EXEC_MTHD_LIST_SIZE} test methods. ")
-                a(href:"javascript:showAllExecMthds()") {
+                a(href: "", class: "testng-show-all-exec-methods") {
                     text("Click to see all")
                 }
             }
         }
     }
-    a(href:"javascript:toggleTable('exec-tbl')") {
+    a(href: "", class: "testng-toggle-table", "data-toggle-table-id": "exec-tbl") {
         text("hide/expand the table")
     }
     table(border:"1px", class:"pane sortable", id:"exec-tbl") {
@@ -136,12 +129,3 @@ if (my.sortedTestMethodsByStartTime) {
 } else {
     div("No Tests found or all Tests were skipped")
 }
-
-//following script loads the initial table data
-script() {
-    text("\nvar foo = ")
-    st.bind(value:my)
-    text("\nfoo.getFirstXSortedTestMethodsByStartTime(function(t) {")
-    text("\ndocument.getElementById('sortedMethods').innerHTML = t.responseObject();")
-    text("\n})")
-}
diff --git a/src/main/webapp/js/show_more.js b/src/main/webapp/js/show_more.js
@@ -1,4 +1,15 @@
 function showMore(id) {
     document.getElementById(id + "_1").style.display = "none";
     document.getElementById(id + "_2").style.display = "";
-}
+}
+
+document.addEventListener("DOMContentLoaded", () => {
+    document.querySelectorAll(".testng-show-more").forEach((button) => {
+        button.addEventListener("click", (event) => {
+            event.preventDefault();
+            const { methodName } = event.target.dataset;
+
+            showMore(methodName);
+        })
+    });
+});
diff --git a/src/main/webapp/js/toggle_mthd_summary.js b/src/main/webapp/js/toggle_mthd_summary.js
@@ -14,4 +14,24 @@ function hideStackTrace(id) {
     document.getElementById(id).style.display = "none";
     document.getElementById(id + "-showlink").style.display = "";
     document.getElementById(id + "-hidelink").style.display = "none";
-}
+}
+
+document.addEventListener("DOMContentLoaded", () => {
+    document.querySelectorAll(".testng-show-stack-trace").forEach((button) => {
+        button.addEventListener("click", (event) => {
+            event.preventDefault();
+            const { failedTestSafeId, failedTestSafeUpUrl } = event.target.closest(".testng-show-stack-trace").dataset;
+
+            showStackTrace(failedTestSafeId, failedTestSafeUpUrl);
+        });
+    });
+
+    document.querySelectorAll(".testng-hide-stack-trace").forEach((button) => {
+        button.addEventListener("click", (event) => {
+            event.preventDefault();
+            const { failedTestSafeId } = event.target.closest(".testng-hide-stack-trace").dataset;
+
+            hideStackTrace(failedTestSafeId);
+        });
+    });
+});
diff --git a/src/main/webapp/js/toggle_table.js b/src/main/webapp/js/toggle_table.js
@@ -5,4 +5,15 @@ function toggleTable(id) {
     } else if (document.getElementById(id).style.display == "") {
         document.getElementById(id).style.display = "none";
     }
-}
+}
+
+document.addEventListener("DOMContentLoaded", () => {
+    document.querySelectorAll(".testng-toggle-table").forEach((toggle) => {
+        toggle.addEventListener("click", (event) => {
+            event.preventDefault();
+            const { toggleTableId } = event.target.dataset;
+
+            toggleTable(toggleTableId);
+        });
+    });
+});

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ for (group in my.testRunMap.values()) {`
`53`	`53`	`if (method.groups \|\| method.testInstanceName \|\| method.parameters?.size() > 0) {`
`54`	`54`	`div(id:"${method.safeName}_1", style:"display:inline") {`
`55`	`55`	`text(" (")`
`56`		`- a(href:"javascript:showMore(\"${methodJsSafeName}\")") {`
	`56`	`+ a(href: "", class: "testng-show-more", "data-method-name": "${methodJsSafeName}") {`
`57`	`57`	`raw("…")`
`58`	`58`	`}`
`59`	`59`	`text(")")`