From 0bae79103bf367d82180b2383e62534081b7b287 Mon Sep 17 00:00:00 2001
From: Sander van de Geijn <sandervandegeijn@icloud.com>
Date: Thu, 5 Mar 2026 22:48:41 +0100
Subject: [PATCH 1/5] [IMP] Add markdown rendering for alert notes

---
 source/app/static/assets/js/iris/alerts.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/source/app/static/assets/js/iris/alerts.js b/source/app/static/assets/js/iris/alerts.js
index 95806161d..2d3da7944 100644
--- a/source/app/static/assets/js/iris/alerts.js
+++ b/source/app/static/assets/js/iris/alerts.js
@@ -1,5 +1,12 @@
 let sortOrder ;
 
+function renderAlertNoteMarkdown(noteText) {
+    if (!noteText) return '';
+    let converter = get_showdown_convert();
+    let html = converter.makeHtml(do_md_filter_xss(noteText));
+    return do_md_filter_xss(html);
+}
+
 function objectToQueryString(obj) {
   return Object.keys(obj)
     .filter(key => obj[key] !== undefined && obj[key] !== null && obj[key] !== '')
@@ -853,7 +860,7 @@ function renderAlert(alert, expanded=false, modulesOptionsAlertReq,
   alert.alert_source = alert.alert_description ? filterXSS(alert.alert_source) : 'No source provided';
   alert.alert_source_link = filterXSS(alert.alert_source_link);
   alert.alert_source_ref = filterXSS(alert.alert_source_ref);
-  alert.alert_note = filterXSS(alert.alert_note);
+  alert.alert_note = alert.alert_note || '';
 
   let menuOptionsHtmlAlert = '';
   const menuOptions = modulesOptionsAlertReq;
@@ -1004,7 +1011,7 @@ function renderAlert(alert, expanded=false, modulesOptionsAlertReq,
                     
                     <div class="separator-solid"></div>
                     <h3 class="title mb-3"><strong>Alert note</strong></h3>
-                    <pre id=alertNote-${alert.alert_id}>${alert.alert_note}</pre>
+                    <div id="alertNote-${alert.alert_id}">${renderAlertNoteMarkdown(alert.alert_note)}</div>
                     
                     <!-- Alert Context section -->
                     ${

From 9380b91d5ec7775fb322d910c4fa385c4eb48be2 Mon Sep 17 00:00:00 2001
From: Sander van de Geijn <sandervandegeijn@icloud.com>
Date: Thu, 5 Mar 2026 23:02:18 +0100
Subject: [PATCH 2/5] [FIX] Preserve raw markdown when editing alert notes

---
 source/app/static/assets/js/iris/alerts.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source/app/static/assets/js/iris/alerts.js b/source/app/static/assets/js/iris/alerts.js
index 2d3da7944..306fac463 100644
--- a/source/app/static/assets/js/iris/alerts.js
+++ b/source/app/static/assets/js/iris/alerts.js
@@ -1012,6 +1012,7 @@ function renderAlert(alert, expanded=false, modulesOptionsAlertReq,
                     <div class="separator-solid"></div>
                     <h3 class="title mb-3"><strong>Alert note</strong></h3>
                     <div id="alertNote-${alert.alert_id}">${renderAlertNoteMarkdown(alert.alert_note)}</div>
+                    <pre id="alertNoteRaw-${alert.alert_id}" class="d-none">${filterXSS(alert.alert_note)}</pre>
                     
                     <!-- Alert Context section -->
                     ${
@@ -1567,7 +1568,7 @@ async function editAlert(alert_id, close=false) {
 
     alertTag.val($(`#alertTags-${alert_id}`).text())
     set_suggest_tags(`editAlertTags`);
-    $('#editAlertNote').val($(`#alertNote-${alert_id}`).text());
+    $('#editAlertNote').val($(`#alertNoteRaw-${alert_id}`).text());
 
     let alert_resolution = getAlertResolutionName(alert_id);
     if (alert_resolution === '') {

From 80f3b8da93100b34a7b0fbf6bfcfb8bcce5eb3d1 Mon Sep 17 00:00:00 2001
From: Sander van de Geijn <sandervandegeijn@icloud.com>
Date: Thu, 5 Mar 2026 23:03:50 +0100
Subject: [PATCH 3/5] [FIX] Sanitize markdown after conversion, not before

---
 source/app/static/assets/js/iris/alerts.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/app/static/assets/js/iris/alerts.js b/source/app/static/assets/js/iris/alerts.js
index 306fac463..136060bb7 100644
--- a/source/app/static/assets/js/iris/alerts.js
+++ b/source/app/static/assets/js/iris/alerts.js
@@ -3,7 +3,7 @@ let sortOrder ;
 function renderAlertNoteMarkdown(noteText) {
     if (!noteText) return '';
     let converter = get_showdown_convert();
-    let html = converter.makeHtml(do_md_filter_xss(noteText));
+    let html = converter.makeHtml(noteText);
     return do_md_filter_xss(html);
 }
 

From b792f901b79c98c658c828615aa4bc50b9f1bf80 Mon Sep 17 00:00:00 2001
From: Sander van de Geijn <sandervandegeijn@icloud.com>
Date: Thu, 5 Mar 2026 23:11:34 +0100
Subject: [PATCH 4/5] [FIX] Fetch raw markdown from API when editing alert
 notes

---
 source/app/static/assets/js/iris/alerts.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/source/app/static/assets/js/iris/alerts.js b/source/app/static/assets/js/iris/alerts.js
index 136060bb7..bf5c0144d 100644
--- a/source/app/static/assets/js/iris/alerts.js
+++ b/source/app/static/assets/js/iris/alerts.js
@@ -3,7 +3,7 @@ let sortOrder ;
 function renderAlertNoteMarkdown(noteText) {
     if (!noteText) return '';
     let converter = get_showdown_convert();
-    let html = converter.makeHtml(noteText);
+    let html = converter.makeHtml(do_md_filter_xss(noteText));
     return do_md_filter_xss(html);
 }
 
@@ -1012,7 +1012,6 @@ function renderAlert(alert, expanded=false, modulesOptionsAlertReq,
                     <div class="separator-solid"></div>
                     <h3 class="title mb-3"><strong>Alert note</strong></h3>
                     <div id="alertNote-${alert.alert_id}">${renderAlertNoteMarkdown(alert.alert_note)}</div>
-                    <pre id="alertNoteRaw-${alert.alert_id}" class="d-none">${filterXSS(alert.alert_note)}</pre>
                     
                     <!-- Alert Context section -->
                     ${
@@ -1568,7 +1567,9 @@ async function editAlert(alert_id, close=false) {
 
     alertTag.val($(`#alertTags-${alert_id}`).text())
     set_suggest_tags(`editAlertTags`);
-    $('#editAlertNote').val($(`#alertNoteRaw-${alert_id}`).text());
+
+    let alertData = await fetchAlert(alert_id);
+    $('#editAlertNote').val(alertData.data.alert_note || '');
 
     let alert_resolution = getAlertResolutionName(alert_id);
     if (alert_resolution === '') {

From bd6c0cfdfa41575cb8fb73b519ac2275d2e529df Mon Sep 17 00:00:00 2001
From: Sander van de Geijn <sandervandegeijn@icloud.com>
Date: Thu, 5 Mar 2026 23:13:18 +0100
Subject: [PATCH 5/5] [IMP] Increase alert note textarea to rows=10, consistent
 with other edit modals

---
 source/app/blueprints/alerts/templates/alerts.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/app/blueprints/alerts/templates/alerts.html b/source/app/blueprints/alerts/templates/alerts.html
index c2a4d6cbe..af10b9f75 100644
--- a/source/app/blueprints/alerts/templates/alerts.html
+++ b/source/app/blueprints/alerts/templates/alerts.html
@@ -280,7 +280,7 @@ <h5 class="modal-title" id="closeAlertModalLabel"></h5>
           <div class="form-group">
 
             <label for="editAlertNote">Note</label>
-            <textarea class="form-control" id="editAlertNote" rows="3"></textarea>
+            <textarea class="form-control" id="editAlertNote" rows="10"></textarea>
           </div>
           <div class="form-group">
             <label for="editAlertTags">Tags</label>