GitHub user potiuk added a comment to the discussion: Enable native HTML in documentation markdown.
The main reason was security. DAG authors (according to [our security model](https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html) - should not be able to influence code executed in the UI. It's extremely difficult (and practically impossibe) to sanitize HTML code provided by the DAG author to avoid some ways the HTML code (actually mostly javascript resulting from rendering the HTML code) might inject bad behaviours in the UI. This behaviour has been introduced in Airflow 2.8 - you can read the changelog when we explained the resoning behind turning off raw html by default. You could of course enable it (but you were warned about security compromise you have to make). https://airflow.apache.org/docs/apache-airflow/stable/release_notes.html#airflow-2-8-0-2023-12-18 In Airflow 3 because of new start we decided to simply disable it - security is an important feature of Airflow 3 - this is why we introduced task isolation and removed some of the things like direct db access for dag authors. The change where raw HTML is not allowed - and it follows the same patterns. Also having much more sophisticated DOM with react, any kind of dynamic reactivity you might have there in the first place would have to be anyhow adjusted. You can explore more sophisticated use of markdown - where you can define links and other elements. In Airflow 3.1+ you can also add react plugins to add more interactivity if you want it and there - you have all the options to add dynamic HTML and javascript you want, but this is controlled not by DAG authors, but by Deployment Managers, which is in-line with our Security Model. So the functionality is not taken away completely. It's just adjusted to match our security model and youl should simply follow along. GitHub link: https://github.com/apache/airflow/discussions/57663#discussioncomment-14846896 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
