What are the security risks/concerns of adding custom JavaScript to the body of Confluence pages?

Jeramy
Contributor
December 10, 2024

I have a user who wants me to add custom JavaScript to the "Custom HTML" section at the end of the Body in Confluence. The JavaScript hides the create button for a specific space. I've never liked adding custom scripting to the Confluence body or the header.

 

What security risks should I be aware of before I allow this change?

Do other Confluence admins allow custom JavaScript in the header or body of their spaces?

To clarify, I'm not referring to adding this as a macro. They want to use the System-level feature.

Thank you.

1 answer

1 vote
Shawn Doyle - ReleaseTEAM
Community Leader
December 10, 2024

I allow it with caveats. I wouldn't give them all the rights to add it, but would add it for them IF I understand the code and they are a trusted source.

You could have them run it through a vulnerability scanning tool (several are available online); if JavaScript is heavily used in your environment, you most likely already have a standard one.
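The "understand the code" step in the answer above can start with a mechanical triage pass over the submitted snippet, flagging every line that does more than restyle the page. This is an added example, not code from this thread or from Atlassian. The rule set, both sample snippets, the `DOCS` space key, the `#create-button-placeholder` selector and the `/placeholder/endpoint` path are constructed, and the `ajs-space-key` meta tag is an assumption about the page markup.

```javascript
// Pre-approval triage for a snippet submitted for Confluence "Custom HTML".
// Rule names and patterns are this example's own, not an Atlassian or scanner rule set.
const RULES = [
  { id: "remote-resource", why: "loads code or content from another origin",
    re: /\b(?:src|href)\s*=\s*["']?\s*(?:https?:)?\/\//i },
  { id: "dynamic-code", why: "executes strings as code",
    re: /\beval\s*\(|\bnew\s+Function\s*\(|\bset(?:Timeout|Interval)\s*\(\s*["'`]/ },
  { id: "network-call", why: "can send page data elsewhere or act as the viewing user",
    re: /\bfetch\s*\(|\bXMLHttpRequest\b|\.ajax\s*\(|\bsendBeacon\s*\(/ },
  { id: "session-data", why: "reads cookies or browser storage",
    re: /\bdocument\.cookie\b|\b(?:local|session)Storage\b/ },
  { id: "html-sink", why: "writes markup into the page",
    re: /\.(?:inner|outer)HTML\s*=|\bdocument\.write(?:ln)?\s*\(|\binsertAdjacentHTML\s*\(/ },
];

// Returns one finding per (line, rule) match so a reviewer can jump to the line.
function reviewSnippet(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const { id, why, re } of RULES) {
      if (re.test(text)) findings.push({ line: i + 1, rule: id, why, text: text.trim() });
    }
  });
  return findings;
}

// Constructed sample 1: hides a create button in one space and does nothing else.
// The selector and space key are placeholders; the meta tag name is an assumption.
const HIDE_BUTTON = `<script>
  document.addEventListener("DOMContentLoaded", function () {
    var key = document.querySelector('meta[name="ajs-space-key"]');
    if (key && key.content === "DOCS") {
      var btn = document.querySelector("#create-button-placeholder");
      if (btn) { btn.style.display = "none"; }
    }
  });
</script>`;

// Constructed sample 2: a submission with extra behaviour the reviewer must question.
const NEEDS_QUESTIONS = `<script src="https://cdn.example.invalid/helper.js"></script>
<script>
  fetch("/placeholder/endpoint").then(function (r) { return r.text(); })
    .then(function (t) { document.body.insertAdjacentHTML("beforeend", t); });
</script>`;

for (const f of reviewSnippet(NEEDS_QUESTIONS)) {
  console.log(`line ${f.line}: ${f.rule} (${f.why})`);
}
```

An empty result only means none of these patterns matched; it does not replace reading the snippet or running the scanner the answer mentions.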

 

 

Deployment type: Server