From 1da7c9cb68b607d9a560974430c80e3f823c3e64 Mon Sep 17 00:00:00 2001 From: Daniel Beck <1831569+daniel-beck@users.noreply.github.com> Date: Thu, 14 Mar 2024 21:34:26 +0100 Subject: [PATCH] Add help text for Markup Formatter setting (#9038) * Restore help text for Markup Formatter setting * Update core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-markupFormatter.html Co-authored-by: Mark Waite * mvn -pl war frontend:yarn -Dfrontend.yarn.arguments=lint:fix --------- Co-authored-by: Daniel Beck Co-authored-by: Mark Waite --- .../help-markupFormatter.html | 37 +++++++++++++++++++ .../model/Jenkins/help-markupFormatter.html | 17 --------- .../Jenkins/help-markupFormatter_bg.html | 15 -------- .../Jenkins/help-markupFormatter_it.html | 19 ---------- .../Jenkins/help-markupFormatter_ja.html | 18 --------- .../Jenkins/help-markupFormatter_zh_TW.html | 17 --------- 6 files changed, 37 insertions(+), 86 deletions(-) create mode 100644 core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-markupFormatter.html delete mode 100644 core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter.html delete mode 100644 core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_bg.html delete mode 100644 core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_it.html delete mode 100644 core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_ja.html delete mode 100644 core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_zh_TW.html diff --git a/core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-markupFormatter.html b/core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-markupFormatter.html new file mode 100644 index 000000000000..b366b94e14ba --- /dev/null +++ b/core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-markupFormatter.html @@ -0,0 +1,37 @@ +
+

+ Jenkins shows user-provided descriptions on objects like jobs, views, or + builds. The markup formatter controls how those descriptions are rendered. +

+

+ “Plain text” is the default formatter and renders the provided + description largely as entered. +

+

+ Plugins may contribute additional markup formatters that support HTML or + other markup languages. +

+

+ Note: + Some descriptions can be provided from possibly unexpected sources. Some + examples: +

+
    +
  • any user with an account in Jenkins can set their own description
  • +
  • + Pipelines, as well as build steps for other job types, may be configured + to set the current build's description +
  • +
+

+ Using a markup formatter that renders user input verbatim as HTML may allow + + cross-site scripting + + attacks. +

+
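Review bot: In the second paragraph of the new help text, "renders the provided description largely as entered" does not tell an administrator whether HTML markup typed into a description is escaped or interpreted, and "largely" hints at exceptions without naming them. Since this is help for a security setting, state explicitly what the "Plain text" formatter does with markup (for instance, that tags are displayed as literal text, if that is the behaviour) so the contrast with the verbatim-HTML warning in the last paragraph is clear.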
diff --git a/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter.html b/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter.html deleted file mode 100644 index 6f1cde576fbf..000000000000 --- a/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter.html +++ /dev/null @@ -1,17 +0,0 @@ -
- In such places as project description, user description, view description, and - build description, Jenkins allows users to enter some free-form text that - describes something. This configuration determines how such free-form text is - converted to HTML. By default, Jenkins treats the text as HTML and use it - as-is unmodified (and this is default mainly because of the backward - compatibility.) - -

- While this is convenient and people often use it to load <iframe>, - <script>. and so on to mash up data from other sources, this capability - enables malicious users to mount - XSS attacks - . If the risk outweighs the benefit, install additional markup formatter - plugins and use them. -

-
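Review bot: The deleted second paragraph closed with actionable advice ("If the risk outweighs the benefit, install additional markup formatter plugins and use them"), and nothing equivalent survives in the replacement file, which only warns that a formatter rendering input verbatim as HTML "may allow cross-site scripting attacks". Consider adding one sentence to the new text saying what an administrator should pick instead, such as a formatter that escapes or sanitizes descriptions.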
diff --git a/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_bg.html b/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_bg.html deleted file mode 100644 index 11956b33baee..000000000000 --- a/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_bg.html +++ /dev/null @@ -1,15 +0,0 @@ -
- На места като описанията на проект, потребител, изглед или изграждане, Jenkins - ви позволява да въведете свободен, описателен текст. Тази настройка определя - как този свободен текст се преобразува до HTML. Стандартно счита текста за - HTML и го ползва както е (това поведение е за съвместимост с предишни версии). - -

- Това е доста удобно и хората го ползват, за да зареждат <iframe>, - <script> и т.н., това позволява на недобронамерените потребители да - извършат атаки чрез - XSS - . Ако рискът е прекомерно голям, инсталирайте допълнителна приставка за - форматиране на текста и ползвайте нея. -

-
diff --git a/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_it.html b/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_it.html deleted file mode 100644 index 031b6aded0bf..000000000000 --- a/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_it.html +++ /dev/null @@ -1,19 +0,0 @@ -
- Jenkins, in campi come la descrizione di un progetto, di un utente, di una - vista e di una compilazione, consente agli utenti di immettere del testo - libero che descriva qualcosa. Questa configurazione determina la modalità in - cui tale testo libero viene convertito in HTML. Per impostazione predefinita, - Jenkins tratta il testo come HTML e lo utilizza senza modifiche (questa è - l'impostazione predefinita principalmente per motivi di retrocompatibilità). - -

- Quest'opzione è comoda e gli utenti spesso la utilizzano per caricare - <iframe>, <script> e altri tag per combinare dati da più sorgenti, ma - consente a utenti malevoli di portare a termine - - attacchi XSS - - . Se i rischi superano i benefici, si installino componenti aggiuntivi per - la formattazione del markup e li si usino. -

-
diff --git a/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_ja.html b/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_ja.html deleted file mode 100644 index 40ee45eecfcf..000000000000 --- a/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_ja.html +++ /dev/null @@ -1,18 +0,0 @@ -
- プロジェクト、ユーザー、ビューそしてビルドの説明などのような入力箇所では、フリーフォーマットのテキストを入力することができます。 - この設定で、そのフリーフォーマットのテキストをどのようにHTMLに変換するかを決定します。 - デフォルトでは、テキストをHTMLとして扱い、変更することなくそのまま使用します(主に後方互換のためです)。 - -

- これはとても便利なので、<iframe>, - <script>をロードするために、また他のソースからのデータを取り込むためによく使用しますが、 - 悪意のあるユーザーが - - クロスサイトスクリプティング - - をしかけることを容易にしてしまいます。 - 便利さより危険性を重視するなら、他のフォーマッタープラグインをインストールして使用してください。 -

-
diff --git a/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_zh_TW.html b/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_zh_TW.html deleted file mode 100644 index 6a737ac54f43..000000000000 --- a/core/src/main/resources/jenkins/model/Jenkins/help-markupFormatter_zh_TW.html +++ /dev/null @@ -1,17 +0,0 @@ -
- Jenkins - 可以讓您自由輸入描述文字在專案說明、使用者說明、視景說明及建置說明...這些地方。 - 這個設定決定怎麼把您輸入的文字轉換成 HTML。Jenkins 預設把這些文字當做 HTML - 直接拿來顯示 (這個預設值主要是為了跟舊版相容)。 - -

- 這樣很方便,大家常用來載入 <iframe> 或 <script>,整合其他來源的資料。 - 但是也有可能被惡意使用者掛上 - - XSS 攻擊 - - 。 如果您評估的風險大過好處,請另外安裝使用標記格式外掛程式。 -

-
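Review bot: No localized counterpart is added for this zh_TW text, nor for the bg, it and ja files deleted above: the diffstat lists only the English help-markupFormatter.html as created under hudson/security/GlobalSecurityConfiguration. Dropping the translations is reasonable, since each still says descriptions are treated as HTML by default, which contradicts the new "Plain text is the default" wording. The commit message only says "Restore help text", though, so note there that the localized files are removed on purpose and that those locales now get the English text.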