...
See JQL Use Cases for more examples.
Think carefully about your query results
...
Query results
Think carefully about what values might be used as replacements for the {issue.FIELD NAME} placeholders. Or, what happens , if an issue has no value in a specified field. There could be some variation in the data of your issues.
| Note |
|---|
...
If you are not careful, the result of a JQL query might unexpectedly contain hundreds of issues. Or, the JQL query might fail because the syntax has become invalid after the placeholders have been replaced. |
| Anchor | ||||
|---|---|---|---|---|
|
...
This way, you can prevent JSU from accidentally processing hundreds of issues. By default, this limit is 50 issues, and the maximum limit is 1,000.
JQL injection
Be Be aware of potential 'JQL injection'. JSU does not check any value that it retrieves from the current issue. A malicious user might craft the value of a field (for example the value of a text field) so that after the replacement it adds additional criteria to your JQL query.
| Note |
|---|
We recommend that you do not use any text fields as placeholders, or any other field for which a user can freely change the text. Only use fields that can contain one/several clearly defined values. |
Syntax for field names
Field names in your JQL should be the same as in the Advanced Search. We suggest using the issue navigator's auto-complete feature to get the correct field names. In Jira's top menu bar, go to Issues > Search for issues, and switch to Advanced search.
...
Approver or cf[10010]
Hosting Server or cf[12910]
Date to Join or cf[11000]
| Info |
|---|
...
If you have several custom fields with the same name, you can only use the cf[12345] notation to refer to one of them. |
Syntax for values of the current issue
...
However, the cf[12345] notation is not supported between curly brackets.
| Info |
|---|
...
If you have several custom fields with the same name, you must use the custom field ID. |