Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage
Highlighted

Wat te doen met SVG attachments? Edited

Gebruikers hebben de vraag gesteld of het mogelijk is om SVG image bestanden te kunnen gebruiken in Confluence. We hebben een SVG-Out add-on bekeken en daarop security tests losgelaten. We waren in staat om malafide scripts in de SVG te stoppen op een manier die de testserver onderuit haalde. We hebben 2 flinke lekken gevonden in de add-on en gebruik van SVG daarom niet toegestaan.

Ben benieuwd hoe andere grote bedrijven kijken naar attachments in het algemeen.

We maken gebruik van een Server licentie.

1 comment

Dave Liao Community Leader Dec 01, 2020

@Hans Leemans - if you're still using Confluence Server (or Data Center), there's a way to do this. Attach an SVG to a page, then...

meow.PNG

While editing pages, you can embed various types of media to display in-line. This does not work in Confluence Cloud, however.

Dave Liao Community Leader Dec 01, 2020

p.s. vote this suggestion up if you're interested in truly native support of SVG files inside Confluence (including Confluence Cloud): https://jira.atlassian.com/browse/CONFSERVER-1762

If you are using no add-on Confluence pages will not show an SVG attachment, it will just show a grey square with the name of the attachment. Clicking on it will open the file and show the SVG. What we tried to do is to use an add-on to show the SVG attachments in the Confluence page. We looked at the SVG-out add-on to do that but it failed our security tests.

SVG is a very hackable format that can easily hide unwanted (HTML) coding. We were able to hack into Confluence just by adding malicious code into the SVG attachment. So, we do not want SVG to be used on our system as our security measurements will not allow this vulnerability risk. 

Dave Liao Community Leader Dec 02, 2020

@Hans Leemans - oh, I misunderstood your question!

Also, regarding my suggestion, that should work in a vanilla Confluence installation. I just tested in a test Confluence on my laptop and I'm able to embed.

Comment

Log in or Sign up to comment
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you