potiuk commented on code in PR #35460: URL: https://github.com/apache/airflow/pull/35460#discussion_r1382637280
########## newsfragments/35460.significant.rst: ########## @@ -0,0 +1,10 @@ +Per default raw HTML code in DAG docs and DAG params descriptions is disabled with 2.8.0. + +To ensure that no maliceus javascript can be injected with DAG descriptions or trigger UI forms by DAG authors +a new parameter ``webserver.allow_html_in_dag_docs`` was added with default value of ``False``. +If you trust your DAG authors code and want to allow using raw HTML in DAG descriptions and params and restore the previous +behavior you must set the configuration value to ``True``. + +To ensure Airflow is secure by default, the raw HTML support in trigger UI has been super-seeded by markdown support via +the ``description_md`` attribute. If you have been using ``description_html`` please migrate to ``escription_md``. Review Comment: ```suggestion the ``description_md`` attribute. If you have been using ``description_html`` please migrate to ``description_md``. ```
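Review bot: Two more spelling errors remain in this newsfragment besides the one already flagged: "maliceus" in the line starting "To ensure that no" should be "malicious", and "super-seeded" in the line starting "To ensure Airflow is secure by default" should be "superseded"; "DAG authors code" also needs the possessive ("DAG authors' code"). On content, the first line says both DAG docs and DAG params descriptions are affected, but the option is named ``webserver.allow_html_in_dag_docs``, so an operator who reads only the option name could assume params descriptions and trigger UI forms are not covered. Consider stating in the sentence that introduces the option that this single setting governs raw HTML in both places, and that ``description_html`` is only rendered as HTML when it is set to ``True``, if that is the intended behavior.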