From f91ebb42382ae058d29da319c83bf42cef89b32d Mon Sep 17 00:00:00 2001
From: Yen Cheng Lin <92412722+ridemountainpig@users.noreply.github.com>
Date: Fri, 29 Nov 2024 05:53:08 +0800
Subject: [PATCH] [JENKINS-73907] Fix double-escaped tooltips in "Help for
 feature" (#10000)

Co-authored-by: Daniel Beck <daniel-beck@users.noreply.github.com>
---
 core/src/main/resources/lib/form/helpLink.jelly           | 2 +-
 test/src/test/java/jenkins/security/Security2779Test.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/src/main/resources/lib/form/helpLink.jelly b/core/src/main/resources/lib/form/helpLink.jelly
index e7f2aa213c54..a388baf05f87 100644
--- a/core/src/main/resources/lib/form/helpLink.jelly
+++ b/core/src/main/resources/lib/form/helpLink.jelly
@@ -55,7 +55,7 @@ THE SOFTWARE.
   </st:documentation>
   <j:choose>
     <j:when test="${attrs.url!=null}">
-      <j:set var="altText" value="${attrs.featureName != null ? '%Help for feature:' + ' ' + h.escape(attrs.featureName) : '%Help'}" />
+      <j:set var="altText" value="${attrs.featureName != null ? '%Help for feature:' + ' ' + attrs.featureName : '%Help'}" />
       <a href="#" class="jenkins-help-button" tooltip="${altText}" helpURL="${rootURL}${attrs.url}">
         <!-- .jenkins-help-button span element is required as it's restyled in CSS -->
         <span>?</span>
diff --git a/test/src/test/java/jenkins/security/Security2779Test.java b/test/src/test/java/jenkins/security/Security2779Test.java
index ef8ef8fef7d5..8e2460687aaf 100644
--- a/test/src/test/java/jenkins/security/Security2779Test.java
+++ b/test/src/test/java/jenkins/security/Security2779Test.java
@@ -49,7 +49,7 @@ private void noCrossSiteScriptingInHelp(String selector) throws Exception {
 
         // assert leading space to identify unintentional double-escaping (&amp;lt;) as test failure
         assertThat("tooltip does not contain dangerous HTML", jsResultString, not(containsString(" <img src=x")));
-        assertThat("tooltip contains safe text", jsResultString, containsString("lt;img src=x"));
+        assertThat("tooltip contains safe text", jsResultString, containsString(" &lt;img src=x"));
     }
 
     @TestExtension