This plugin is also known as "Safe HTML" Plugin and antisamy-markup-formatter
.
Note
|
The plugin manager contains a slightly misleading warning: While there is no "different settings format", OWASP Markup Formatter Plugin 2.0 reduced the set of allowed elements. Previously defined descriptions may no longer look the same. The plugin can be freely upgraded to 2.0 or downgraded again to 1.8, if necessary. |
About
This plugin allows formatting descriptions of jobs, builds, views, etc. in Jenkins using a safe subset of HTML.
This plugin sanitizes HTML sources using the OWASP Java HTML Sanitizer and a basic policy allowing limited HTML markup in user-submitted text.
Installation
This plugin is usually installed because it’s a suggested plugin in the setup wizard; Administrators installing the default set of plugins will also install this plugin that way.
It is also bundled in the jenkins.war
and will automatically installed as a dependency of plugins with very old (1.553 or older) Jenkins core dependencies.
Configuration
Once the plugin is installed, go to Manage Jenkins → Configure Global Security → Markup Formatter. Select Safe HTML for the Markup Formatter option.
User-submitted text, like build, job, and view descriptions, will then support HTML formatting, but will be sanitized by removing potentially dangerous elements.
About Internal Names
Both the file name antisamy-markup-formatter.hpi
and the class name RawHtmlMarkupFormatter
are misleading: Neither describes the current behavior of the plugin; both names are used for historical reasons only.