Add a warning to text formats that have the "Display any HTML as plain text" and "Limit allowed HTML tags" filters disabled

[klonos]

This issue here is to supplement #4501 and #4499 towards solving some of the UX issues discussed in #1519.

We should be dynamically adding a warning to any text format that has the "Display any HTML as plain text" and "Limit allowed HTML tags" filters disabled. Something similar to what we are doing with permissions:

Warning: Give to trusted roles only; this text format does not limit the allowed HTML tags and has security implications.

The goal is to discourage site admins from using the "Full HTML" format as a go-to solution for when content editors need to be able to do more things.

[stpaultim]

@klonos - I was thinking that this might be a "Good First Issue." But, now I'm thinking it might not be.

Either way, I have questions. It would appear that existing and new text formats have a generic warning on the permissions page that says "Warning: This permission may have security implications depending on how the text format is configured."

This message appears even if you don't have the named filters enabled. Are you suggesting that the issue here is to dynamically set that message, depending upon the filters enabled for each text format?

Are you just thinking about the permissions page or are there other locations where you would suggest adding this message?

Does it also belong on the text formats page?
admin/config/content/formats

[indigoxela]

The goal is to discourage site admins from using the "Full HTML" format

I think I get the point, but I'd like to note: this has nothing to do with any of the text formats Backdrop ships with.

The idea seems to be to warn admins as soon as they turn off both of the security related filters in any format.

• Limit allowed HTML tags
• Display any HTML as plain text

...which requires the warning to appear/disappear in reaction to checkbox toggles? Do we have any example where Backdrop handles messages that way?

And: whoa, that's not easy!