jedcunningham commented on code in PR #35460:
URL: https://github.com/apache/airflow/pull/35460#discussion_r1387483005
##########
airflow/config_templates/config.yml:
##########
@@ -1828,6 +1828,17 @@ webserver:
type: boolean
example: ~
default: "False"
+ allow_raw_html_descriptions:
+ description: |
+ A DAG author is able to provide any raw HTML into ``doc_md`` or params
description for text
+ formatting. This is including potentially unsafe javascript.
Displaying the DAG or trigger
+ form in web UI provides the DAG author the potential to inject
malicieus code into clients
Review Comment:
```suggestion
form in web UI provides the DAG author the potential to inject
malicious code into clients
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
