We would like to use the HTML or HTML include macro for our confluence instance
Both of these macro pose the risk of XSS vulnerability. We are using version 7.4.1 . Is there a way to use these macros and avoid the risk of XSS. I read some older articles about disabling JS. Is this available in Server version 7.4.1 ?
Our use case is to be able to include Google Docs in the confluence. So if there is a suggestion for another macro or FREE solution to achieve inclusion of Google Docs without the use of HTML macro / risk of XSS, would be open to that suggestion as well.
Both macros can make your environment vulnerable, even on the latest version of Confluence.
If security is must on your environment, it would be better to rely on a Supported App available on Atlassian Marketplace.
There are at least 3 options that may fit your use case: https://marketplace.atlassian.com/search?hosting=server&moreFilters=vendorSupported&product=confluence&query=google%20drive
Alternatively, is there a way to enable the macros for specific users only ?
Thank you for the link to the marketplace apps. However looks like they are all paid apps, which may not be an option for us right now.
Hi Community! We're thrilled to share that Team Calendars for Confluence is now a built-in feature for Confluence Data Center releases 7.11 and beyond. A long time favorite, Team Cale...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events