Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-44458

Using JavaScript in description field should require explicit configuration

XMLWordPrintable

    • 1
    • 3
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Problem Definition

      Currently you can use JavaScript in any description field. This can modify JIRA behaviour in very strange way. There is no way to trace that from configuration point of view. More over you can't see added JavaScript code in Debugger, which makes troubleshooting very hard.

      Suggested Solution

      1. Disable JavaScript in Description field by default
      2. Make special configuration option to enable JavaScript in that field
        • Enable HTML in custom field descriptions and list item values.
      3. wrap the code in
        <script type='text/javascript'>
        ...
        //# sourceURL= <GENERATED_PLACE_HOLDER>.js
        </script>
        
      4. Make UI/cli report which shows list of fields with JavaScript

      Notes

      Starting from Jira 8.7.0, we will switch the default option of "Enable HTML in custom field descriptions and list item values" to OFF - see JRASERVER-70858, JRASERVER-70859

      Workaround

      Partial, add line to your JavaScript code //# sourceURL= <GENERATED_PLACE_HOLDER>.js, so it will be visible to debugger.

              Unassigned Unassigned
              ayakovlev@atlassian.com Andriy Yakovlev [Atlassian]
              Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: