Escape newSource field when checking it's value via Ajax. Fix #1401 (#1402)

URLs with special characters need to be escaped when checking the Yaml they are pointing to. Example of such URL are S3 presigned URL: `https://jenkins-jcas-185562170416.s3.amazonaws.com/jenkins-conf.yml?AWSAccessKeyId=AKE123456789&Signature=HelloWorldJ%2F5QKc6TlbeHw%3D&Expires=1590364679`.
2020-05-25 08:14:45 +02:00 · 2020-05-25 08:14:45 +02:00 · 68f35e44ce
parent fd11e16a6b
commit 68f35e44ce
1 changed files with 1 additions and 1 deletions
--- a/plugin/src/main/resources/io/jenkins/plugins/casc/ConfigurationAsCode/index.jelly
+++ b/plugin/src/main/resources/io/jenkins/plugins/casc/ConfigurationAsCode/index.jelly
@ -30,7 +30,7 @@
      <f:form method="post" action="replace" name="replace">
          <h2>${%Replace configuration source with:}</h2>
          <f:entry title="${%Path or URL}" field="newSource" >
-              <f:textbox checkUrl="'checkNewSource?newSource='+this.value" checkMethod="post" />
+              <f:textbox checkUrl="'checkNewSource?newSource='+escape(this.value)" checkMethod="post" />
          </f:entry>
          <f:bottomButtonBar>
              <f:submit name="replace" value="${%Apply new configuration}"/>