Currently, the announcement system does not seem to allow easily to use some HTML markup in the announcement message.
For example:
components:
reana_ui:
announcement: "<strong>Wednesday December 7th 2022 08:00:00 CET:</a> REANA will be upgraded to latest release bringing several new features. (<a href=\"https://cern.service-now.com/service-portal?id=outage&n=OTG0074500\">OTG0074500</a>)"
Expected behaviour
We may want to make it easy for administrators to use some markup in order to display selected important information such as intervention dates in bold, allow linking to external pages such as OTG notices, etc.
The markup should be considered largely "trusted" for display, as it should be the responsibility of the cluster administrator to make sure that the HTML markup is reasonably small and displays correctly.
However, we should also pay attention to retain safety and prevent possible exploits via unsafe access to config maps etc.
Note
This issue is created to check how we escape and display helm values for the announcement message, and see whether we can create an easy way to allow some HTML markup for the admins to use, all the while retaining good safety against theoretical injecting of unsafe markup.
Current behaviour
Currently, the announcement system does not seem to allow easily to use some HTML markup in the announcement message.
For example:
Expected behaviour
We may want to make it easy for administrators to use some markup in order to display selected important information such as intervention dates in bold, allow linking to external pages such as OTG notices, etc.
The markup should be considered largely "trusted" for display, as it should be the responsibility of the cluster administrator to make sure that the HTML markup is reasonably small and displays correctly.
However, we should also pay attention to retain safety and prevent possible exploits via unsafe access to config maps etc.
Note
This issue is created to check how we escape and display helm values for the announcement message, and see whether we can create an easy way to allow some HTML markup for the admins to use, all the while retaining good safety against theoretical injecting of unsafe markup.