[D8] Conditional message

Looking pretty good. I had some issues during review/testing:

Bugs/Security

• The "once per session" condition seems not to work. The message just doesn't show up at all. I have checked my localStorage, and the conditionalMessageReadStatus key is not in there. This may be the issue, as it looks like you check against the value in line 48 of conditional_message.js.
• Currently, the messages allow for HTML tags, include script tags, to be run. If you intended for the creators of the conditional messages to be able to add HTML and script tags, this is fine, but if not, I would say that this exposes potential XSS vulnerabilities and the strings should be escaped before being sent to the UI.

Stylistic Review

• The link to the "configuration" and the link from the Structure admin page seem to be reversed. Intuitively, if I click on the Structure admin link, then on 'Conditional messages', it should take me to the list of conditional messages where I can view, add, edit, and delete the messages, but instead it takes me to the entity configuration pages. Click on the 'Configuration' link on the Extend page, however, takes me to the aforementioned list instead of the entity configuration page. This felt like a jarring UI issue.
• Another UI issue: after creating a new conditional message, I would expect that the resulting page to which I am redirected would have tabs for me to Edit/Delete the newly created message. However, if I want to edit the message for typos, conditions, etc., I have to navigate to the full list and find the newly created message. This issue and the last issue are noticeably different from how the rest of the Drupal UI functions.
• It could be that I am just unfamiliar with theContentTranslationHandler class, but the file ConditionalMessageTranslationHandler.php is essentially empty; was this intentional?

The bugs/security issues are the main questions/concerns that need to be addressed.

I quickly reviewed the code, and I didn't find any evident security issues. I will make a deeper review later.

(Sorry: The change of status was a mistake.)

I added the PAreview checklist link.
Nothing is reported in that checklist, except the missing tests. While they would help with provided patches, when automatic tests are enabled for the project, they should not be an application blocker (even if they would be an extra point).

Thank you for your contribution! I am going to update your account.

These are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

I thank all the dedicated reviewers as well.