Scenario: Your company has a public-facing Jenkins instance. The owner does not want project owners to write unescaped tags in project descriptions, because this poses too great a security risk. However, the owner does want a company banner at the bottom of each description. You have 15 minutes to sort out the problem before management starts buying in unnecessary advice. Within the first five minutes, you ascertain that the escape markup plugin (see the recipe Finding 500 errors and XSS attacks in Jenkins through fuzzing in Chapter 2, Enhancing Security) performs the escaping of the description.
This recipe shows you how to modify the markup plugin to add a banner to all the descriptions.