Use of "constants" in Manager to generate HTML/CSS content
-----BEGIN PGP SIGNED MESSAGE-----
I was looking at this PR and wondering why we have huge swaths of
CSS and HTML in a Java source file, instead of using e.g. JSP or some
other content-generation framework.
I know, I hate JSP, too, but having large blocks of HTML and CSS in
Java strings is just ... awful.
Also, is there a particular reason we are using embedded CSS in the
pages instead of an external CSS file?
Ultimately, it would be a good idea to move all CSS and even styles
into a separate CSS file so we can tighten-up the Content Security
Policy on the manager app. This can help prevent attacks if there
happens to be some kind of XSS vulnerability hiding in there somewhere.