Markup Formatters
Jenkins allows users with the appropriate permissions to enter descriptions of various objects, like views, jobs, builds, etc. These descriptions are filtered by markup formatters. They serve two purposes:
-
Allow users to use rich formatting for these descriptions
-
Protect other users from Cross-Site Scripting (XSS) attacks
Configuring the Markup Formatter
The markup formatter can be configured in Manage Jenkins » Security » Markup Formatter.
The default markup formatter Plain text renders all descriptions as entered:
Unsafe HTML metacharacters like <
and &
are escaped, and line breaks are rendered as <br/>
HTML tags.
Another commonly installed markup formatter is Safe HTML, provided by the OWASP Markup Formatter Plugin. It allows the use of a basic, safe subset of HTML.
Security Considerations
User Profile Descriptions
Every user with an account and Overall/Read permission can edit their own user profile. This includes a description that is rendered using the configured markup formatter.
Therefore it can be unsafe to configure a markup formatter allowing arbitrary HTML even when restricting permissions like Job/Configure and Build/Update to fully trusted users: Anyone with an account will be able to edit their own description and any other user accessing their profile may become victim of an XSS attack.
This is particularly risky on publicly accessible Jenkins instances when the security realm is implemented using a service like GitHub, GitLab, or Google accounts, resulting in potentially anyone being able to log in to Jenkins and edit their own profile.