How to identify fields with custom JavaScript in their description in Jira

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

As an admin, you may want to find which custom fields have custom scripts in their description. This is useful for tracking down code that could be interfering with page rendering or page performance, or causing missing content.

Custom JavaScript in field descriptions is often used to tweak visual elements in Jira when the fields are present, but it can also change much more of Jira's appearance and even the behavior of fields.

Environment

All versions of Jira Core 7.x, 8.x and 9.x.

Solution

The following SQL queries show all fields that potentially have custom JavaScript code in them. There may be false positives, as the comparisons match words like "script", "html" and "css".

These queries were written and tested on PostgreSQL. If you have issues executing them on a different database product, you may need to adjust the syntax accordingly.

select * from customfield where lower(cast(description as varchar)) like '%<javascript%' or lower(cast(description as varchar)) like '%<script%' or lower(cast(description as varchar)) like '%html%' or lower(cast(description as varchar)) like '%css%';

select * from fieldconfigscheme where lower(cast(description as varchar)) like '%<javascript%' or lower(cast(description as varchar)) like '%<script%' or lower(cast(description as varchar)) like '%html%' or lower(cast(description as varchar)) like '%css%';

select * from fieldconfiguration where lower(cast(description as varchar)) like '%<javascript%' or lower(cast(description as varchar)) like '%<script%' or lower(cast(description as varchar)) like '%html%' or lower(cast(description as varchar)) like '%css%';

select * from fieldlayoutitem where lower(cast(description as varchar)) like '%<javascript%' or lower(cast(description as varchar)) like '%<script%' or lower(cast(description as varchar)) like '%html%' or lower(cast(description as varchar)) like '%css%';

select * from propertytext where id in (select id from propertyentry where property_key='jira.alertheader');

The custom script will be in the "description" column. The last query outputs the announcement banner, which is a known potential cause of interference when it has custom scripts or HTML code.
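One way to triage the rows these queries return, as an added example that is not Atlassian's code: it parses each description as HTML and reports only real active content, so rows matched merely by the words "html" or "css" drop out. The sample rows, their ids and the list of tags treated as active are constructed assumptions; feed it your own exported rows as (table, id, description).

```python
from html.parser import HTMLParser

# Assumption: tags treated as active content when a description renders as HTML.
ACTIVE_TAGS = {"script", "style", "link", "iframe", "object", "embed"}

class DescriptionScanner(HTMLParser):
    """Collects active-content findings from one description value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names before calling this.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            url = (value or "").strip().lower()
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in ("href", "src") and url.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")

def triage(rows):
    """Map (table, id) -> findings for rows whose description has active content."""
    flagged = {}
    for table, row_id, description in rows:
        scanner = DescriptionScanner()
        scanner.feed(description or "")  # NULL descriptions arrive as None
        scanner.close()
        if scanner.findings:
            flagged[(table, row_id)] = scanner.findings
    return flagged

# Constructed sample rows (table, id, description); not real Jira data.
SAMPLE_ROWS = [
    ("customfield", 10100, "Paste the HTML/CSS snippet from the design team."),
    ("customfield", 10101, '<SCRIPT>document.title = "Service desk";</SCRIPT>'),
    ("fieldlayoutitem", 10202, '<img src="help.png" onload="hideField()"> See wiki'),
    ("fieldconfiguration", 10303, '<a href="javascript:void(0)">details</a>'),
    ("fieldconfigscheme", 10404, None),
]

if __name__ == "__main__":
    for (table, row_id), findings in triage(SAMPLE_ROWS).items():
        print(f"{table} id={row_id}: {'; '.join(findings)}")
```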

Disabling the "Enable HTML in custom field descriptions and list item values" option also prevents all description-embedded JavaScript from executing, even if it is still present in the fields. You can toggle it at Admin > System > General configuration > Edit preferences.

  • The "Enable HTML in custom field descriptions and list item values" option has been disabled by default since Jira 8.7, as per JRASERVER-70859.

Last modified on May 12, 2023
