Preventing Javascript

* Preventing Javascript from being executed when added to fields in admin view. * Also found that if several notifications were triggered by a button only first would trigger if it failed without response. Also logging were broken in this case.
tomasbjerre · Aug 11, 2016 · 484f083 · 484f083
1 parent fe0d68f
commit 484f083
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,10 +3,23 @@
 Changelog of Pull Request Notifier for Bitbucket.
 
 ## Unreleased
+### GitHub [#132](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/issues/132) How to trigger Jenkins 2.1 with parameters
+  Better documenting how to trigger Jenkins
+
+  [fe0d68fed224d5e](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/commit/fe0d68fed224d5e) Tomas Bjerre *2016-07-31 19:37:11*
+
+### No issue
+  Preventing Javascript
+
+ * Preventing Javascript from being executed when added to fields in admin view.
+
+  [1bf663392161c2d](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/commit/1bf663392161c2d) Tomas Bjerre *2016-08-11 17:38:18*
+
+## 2.34
 ### GitHub [#137](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/issues/137) Triigger build button appears in the merged PR view too.
   Adding PULL_REQUEST_STATE variable
 
-  [064030fe3420fe0](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/commit/064030fe3420fe0) Tomas Bjerre *2016-07-30 08:48:07*
+  [2455b339fceebf4](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/commit/2455b339fceebf4) Tomas Bjerre *2016-07-30 08:49:20*
 
 ## 2.33
 ### GitHub [#134](https://github.com/tomasbjerre/pull-request-notifier-for-bitbucket/issues/134) Not able to see PR buttons

diff --git a/src/main/java/se/bjurr/prnfb/http/UrlInvoker.java b/src/main/java/se/bjurr/prnfb/http/UrlInvoker.java
@@ -161,7 +161,11 @@ public HttpResponse invoke() {
   configureProxy(builder);
 
   this.response = doInvoke(httpRequestBase, builder);
-  LOG.debug(this.response.getContent());
+  if (LOG.isDebugEnabled()) {
+   if (this.response != null) {
+    LOG.debug(this.response.getContent());
+   }
+  }
 
   return this.response;
  }
@@ -346,7 +350,9 @@ HttpResponse doInvoke(HttpRequestBase httpRequestBase, HttpClientBuilder builder
    LOG.error("", e);
   } finally {
    try {
-    httpResponse.close();
+    if (httpResponse != null) {
+     httpResponse.close();
+    }
    } catch (IOException e) {
     propagate(e);
    }

diff --git a/src/main/java/se/bjurr/prnfb/transformer/ButtonTransformer.java b/src/main/java/se/bjurr/prnfb/transformer/ButtonTransformer.java
@@ -46,11 +46,16 @@ public static PrnfbButton toPrnfbButton(ButtonDTO buttonDto) {
  public static ButtonPressDTO toTriggerResultDto(PrnfbButton button, List<NotificationResponse> results) {
   List<NotificationResponseDTO> notificationResponses = newArrayList();
   for (NotificationResponse from : results) {
-   String content = from.getHttpResponse().getContent();
-   int status = from.getHttpResponse().getStatus();
+   String content = null;
+   int status = 0;
+   URI uri = null;
+   if (from.getHttpResponse() != null) {
+    content = from.getHttpResponse().getContent();
+    status = from.getHttpResponse().getStatus();
+    uri = from.getHttpResponse().getUri();
+   }
    UUID notification = from.getNotification();
    String notificationName = from.getNotificationName();
-   URI uri = from.getHttpResponse().getUri();
    notificationResponses.add(new NotificationResponseDTO(uri, content, status, notification, notificationName));
   }
   return new ButtonPressDTO(button.getConfirmation(), notificationResponses);

diff --git a/src/main/resources/pr-triggerbutton.js b/src/main/resources/pr-triggerbutton.js
@@ -23,16 +23,16 @@ define('plugin/prnfb/pr-triggerbutton', [
      AJS.flag({
       close: 'auto',
       type: 'success',
-      title: notificationResponse.notificationName,
+      title: notificationResponse.notificationName.replace(/<script>/g,'script'),
       body: '<p>You may check network tab in web browser for exact URL and response.</p>'
      });
     } else {
      AJS.flag({
       close: 'auto',
       type: 'error',
-      title: notificationResponse.notificationName,
+      title: notificationResponse.notificationName.replace(/<script>/g,'script'),
       body: '<p>' + notificationResponse.status + ' ' + notificationResponse.uri + '</p>' +
-       '<p>' + notificationResponse.content + '</p>'
+       '<p>You may check network tab in web browser for exact URL and response.</p>'
      });
     }
    }
@@ -61,7 +61,7 @@ define('plugin/prnfb/pr-triggerbutton', [
  function loadSettingsAndShowButtons() {
   $.get(buttonsAdminUrl + '/repository/' + pageState.getRepository().id + '/pullrequest/' + pageState.getPullRequest().id, function(settings) {
    settings.forEach(function(item) {
-    var $buttonDropdownItem = buttonTemplate(item.name);
+    var $buttonDropdownItem = buttonTemplate(item.name.replace(/<script>/g,'script'));
     $buttonDropdownItem.click(function() {
      var $this = $(this);
      $this.attr("disabled", "disabled");
@@ -87,7 +87,7 @@ define('plugin/prnfb/pr-triggerbutton', [
         close: 'auto',
         type: 'error',
         title: "Unknown error",
-        body: '<p>' + content.status + ' ' + content.statusText + '</p>' + '<p>Check the Bitbucket Server log for more details.</p>'
+        body: '<p>' + content.status + '</p>' + '<p>Check the Bitbucket Server log for more details.</p>'
        });
       }
      });

diff --git a/src/main/resources/utils.js b/src/main/resources/utils.js
@@ -22,8 +22,8 @@ define('plugin/prnfb/utils', [
     AJS.messages.error(".statusresponse", {
      title: 'Error',
      body: '<p>' +
-      'Sent POST ' + url + ':<br/><code>' + jsonString + '</code><br/><br/>' +
-      'Got:<br/><code>' + xhr.responseText + '</code><br/><br/>' +
+      'Sent POST ' + url + ':<br/><code>' + jsonString.replace(/<script>/g,'script') + '</code><br/><br/>' +
+      'Got:<br/><code>' + xhr.responseText.replace(/<script>/g,'script') + '</code><br/><br/>' +
       '</p>'
     });
     $("html, body").animate({
@@ -204,7 +204,9 @@ define('plugin/prnfb/utils', [
     $(formSelector + ' [name=uuid]').empty();
     $(formSelector + ' [name=uuid]').append('<option value="">New</option>');
     for (var i = 0; i < data.length; i++) {
-     $(formSelector + ' [name=uuid]').append('<option value="' + data[i].uuid + '">' + (data[i].projectKey || '') + ' ' + (data[i].repositorySlug || '') + ' ' + data[i].name + '</option>');
+     var name = data[i].name;
+     name = name.replace(/<script>/g,'script')
+     $(formSelector + ' [name=uuid]').append('<option value="' + data[i].uuid + '">' + (data[i].projectKey || '') + ' ' + (data[i].repositorySlug || '') + ' ' + name + '</option>');
     }
    });
    clearForm(formSelector);