OWASP Markup Formatter

This plugin is also known as "Safe HTML" Plugin and antisamy-markup-formatter.

This plugin allows formatting descriptions of jobs, builds, views, etc. in Jenkins using a safe subset of HTML.

This plugin sanitizes HTML sources using the OWASP Java HTML Sanitizer and a basic policy allowing limited HTML markup in user-submitted text.

Learn more: Markup Formatter configuration in the Jenkins handbook

This plugin is usually installed because it’s a suggested plugin in the setup wizard; Administrators installing the default set of plugins will also install this plugin that way.

It is also bundled in the jenkins.war and will automatically installed as a dependency of plugins with very old (1.553 or older) Jenkins core dependencies.

Once the plugin is installed, go to Manage Jenkins → Configure Global Security → Markup Formatter. Select Safe HTML for the Markup Formatter option.

User-submitted text, like build, job, and view descriptions, will then support HTML formatting, but will be sanitized by removing potentially dangerous elements.

Both the file name antisamy-markup-formatter.hpi and the class name RawHtmlMarkupFormatter are misleading: Neither describes the current behavior of the plugin; both names are used for historical reasons only.