show parameters readonly

also removes the injected inline javascript for checkboxes with `readonly` attribute set.
2025-08-08 21:47:52 +02:00 · 2025-08-08 21:47:52 +02:00 · a5bb0fd919
parent 683a124ae2
commit a5bb0fd919
6 changed files with 23 additions and 15 deletions
--- a/core/src/main/resources/hudson/model/BooleanParameterValue/value.jelly
+++ b/core/src/main/resources/hudson/model/BooleanParameterValue/value.jelly
@ -28,6 +28,6 @@ THE SOFTWARE.
 	xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
    <j:set var="escapeEntryTitleAndDescription" value="false"/>
    <f:entry description="${it.formattedDescription}">
-        <f:checkbox title="${h.escape(it.name)}" name="value" checked="${it.value}" readonly="true" />
+      <f:checkbox title="${h.escape(it.name)}" name="value" checked="${it.value}"/>
    </f:entry>
 </j:jelly>
--- a/core/src/main/resources/hudson/model/ParametersAction/index.jelly
+++ b/core/src/main/resources/hudson/model/ParametersAction/index.jelly
@ -35,6 +35,7 @@ THE SOFTWARE.
    <l:main-panel>
 	  <t:buildCaption it="${build}">${title}</t:buildCaption>
      <j:set var="escapeEntryTitleAndDescription" value="true" /> <!-- SECURITY-353 defense unless overridden -->
+      <j:set var="readOnlyMode" value="true"/>
      <j:forEach var="parameterValue" items="${it.parameters}">
 	    <st:include it="${parameterValue}" page="value.jelly" />
      </j:forEach>
--- a/core/src/main/resources/hudson/model/StringParameterValue/value.jelly
+++ b/core/src/main/resources/hudson/model/StringParameterValue/value.jelly
@ -24,10 +24,10 @@ THE SOFTWARE.

 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
-	xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
-	xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
-        <j:set var="escapeEntryTitleAndDescription" value="false"/>
-        <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
-		<f:textbox name="value" value="${it.value}" readonly="true" />
-	</f:entry>
+         xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
+         xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
+  <j:set var="escapeEntryTitleAndDescription" value="false"/>
+  <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
+    <f:textbox name="value" value="${it.value}"/>
+  </f:entry>
 </j:jelly>
--- a/core/src/main/resources/hudson/model/TextParameterValue/value.jelly
+++ b/core/src/main/resources/hudson/model/TextParameterValue/value.jelly
@ -26,8 +26,9 @@ THE SOFTWARE.
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
 	xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
 	xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
-        <j:set var="escapeEntryTitleAndDescription" value="false"/>
-        <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
-		<f:textarea name="value" value="${it.value}" readonly="readonly" />
-	</f:entry>
+    <j:set var="escapeEntryTitleAndDescription" value="false"/>
+    <f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
+      <j:set var="readOnlyMode" value="true"/>
+      <f:textarea name="value" value="${it.value}"/>
+    </f:entry>
 </j:jelly>
--- a/core/src/main/resources/lib/form/checkbox.jelly
+++ b/core/src/main/resources/lib/form/checkbox.jelly
@ -83,9 +83,9 @@ THE SOFTWARE.
           name="${name}"
           value="${attrs.value}"
           title="${attrs.tooltip}"
-           onclick="${attrs.readonly=='true' ? 'return false;' : attrs.onclick}" id="${attrs.id}" class="${attrs.class} ${attrs.negative!=null ? 'negative' : null} ${attrs.checkUrl!=null?'validated':''}"
+           onclick="${attrs.readonly=='true' ? null : attrs.onclick}" id="${attrs.id}" class="${attrs.class} ${attrs.negative!=null ? 'negative' : null} ${attrs.checkUrl!=null?'validated':''}"
           checkUrl="${attrs.checkUrl}" checkDependsOn="${attrs.checkDependsOn}" json="${attrs.json}"
-           disabled="${readOnlyMode ? 'true' : null}"
+           disabled="${readOnlyMode or attrs.readonly=='true' ? 'true' : null}"
           checked="${value ? 'true' : null}"/>
    <label class="attach-previous ${attrs.title == null ? 'js-checkbox-label-empty' : ''}"
           title="${attrs.tooltip}">${attrs.title}</label>
--- a/core/src/main/resources/lib/form/radio.jelly
+++ b/core/src/main/resources/lib/form/radio.jelly
@ -24,7 +24,7 @@ THE SOFTWARE.

 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define">
- <st:documentation> <![CDATA[
+  <st:documentation> <![CDATA[
    <input type="radio"> tag that takes true/false for @checked, which is more Jelly friendly.

    Note that Safari doesn't support onchange.
@ -38,7 +38,13 @@ THE SOFTWARE.
    <st:attribute name="checked" />
    <st:attribute name="value" />
    <st:attribute name="id" />
-    <st:attribute name="onclick" />
+    <st:attribute name="onclick" deprecated="true">
+      Inline JavaScript to execute when the checkbox is clicked.
+      Deprecated because this attribute is incompatible with adding Content-Security-Policy to the Jenkins UI in the future.
+      Set 'id' or 'class' attributes as appropriate to look up this element in external Javascript files (e.g. adjuncts)
+      to add the desired behavior there (DOMContentLoaded event in static forms, Behaviour.specify if this element may be
+      dynamically added). See https://github.com/jenkinsci/jenkins/pull/6852 for an example.
+    </st:attribute>
    <st:attribute name="title">
      If specified, this human readable text will follow the radio, and clicking this text also
      toggles the radio.