How to identify fields with custom Javascript in their description in Jira
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
要約
As an admin, you may want to find which custom fields have custom scripts in their description. It may be useful to track code that could be interfering with page rendering, page performance or missing content.
These custom javascripts in field descriptions are often used to tweak visual elements in Jira when the fields are present, but can also change much more appearance and even fields behavior in Jira.
環境
All versions of Jira Core 7.x, 8.x and 9.x.
ソリューション
The following SQL queries will show all fields that potentially have custom javascript code in them. There may be false-positives as the comparisons match words like "script", "html" and "css":
These queries were written and tested on PostgreSQL. If you're having issues executing them on a different DB product you may need to tweak the syntax accordingly.
select * from customfield where lower(cast(description as varchar)) like '%<javascript%' or lower(cast(description as varchar)) like '%<script%' or lower(cast(description as varchar)) like '%html%' or lower(cast(description as varchar)) like '%css%';
select * from fieldconfigscheme where lower(cast(description as varchar)) like '%<javascript%' or lower(cast(description as varchar)) like '%<script%' or lower(cast(description as varchar)) like '%html%' or lower(cast(description as varchar)) like '%css%';
select * from fieldconfiguration where lower(cast(description as varchar)) like '%<javascript%' or lower(cast(description as varchar)) like '%<script%' or lower(cast(description as varchar)) like '%html%' or lower(cast(description as varchar)) like '%css%';
select * from fieldlayoutitem where lower(cast(description as varchar)) like '%<javascript%' or lower(cast(description as varchar)) like '%<script%' or lower(cast(description as varchar)) like '%html%' or lower(cast(description as varchar)) like '%css%';
select * from propertytext where id in (select id from propertyentry where property_key='jira.alertheader');
Disabling the "Enable HTML in custom field descriptions and list item values" would also prevent all description-embedded javascripts from executing — even if they're present in the fields. You can toggle it on Admin > System > General configuration > Edit preferences.
- The configuration for "Enable HTML in custom field descriptions and list item values" is now disabled by default since Jira 8.7 as per - JRASERVER-70859Getting issue details... STATUS .