Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

HTML is not parsed from a User Macro in Confluence 7.11.0

Joel Pearson
Joel Pearson
Contributor
February 18, 2021

We recently upgraded from Confluence Server 7.6.2 to 7.11.0, and we noticed that one of our user macros stopped rendering HTML.

Here is a cut down user macro that shows the exact issue

## This is an example macro
## @noparams

<b>Bold Test</b>
#set($output="<b>Bold Test from var</b>")
$output

It is outputting the following now

Bold Test <b>Bold Test from var</b>

But it should be outputting

Bold Test Bold Test from var

Any ideas how to fix the macro again? Is there a velocity function I need to call?

Answer
Watch
Like # people like this
2086 views

3 answers

1 accepted

2 votes
Answer accepted
Joel Pearson
Joel Pearson
Contributor
February 22, 2021

I raised a support ticket and they told me that the variable needs to end in "Html", so that it doesn't get escaped.

So the below code makes it work.

## This is an example macro
## @noparams

<b>Bold Test</b>
#set($outputHtml="<b>Bold Test from var</b>")
$outputHtml

 It looks like this has been this way for around 10 years in plugins as seen here: https://community.atlassian.com/t5/Answers-Developer-Questions/How-to-prevent-velocity-escape-html/qaq-p/464152

I didn't read the above answer properly and saw the "@HtmlSafe" annotation instead, and so I thought I couldn't fix it that way, oh well.

Turns out it is documented in the developer confluence docs for plugins: https://developer.atlassian.com/server/confluence/enabling-xss-protection-in-plugins/#reference-naming-convention but not in the user macro template syntax: https://confluence.atlassian.com/doc/user-macro-template-syntax-223906130.html

View More Comments
Joel Pearson
Joel Pearson
Contributor
February 24, 2021

Support told me it's been this way since v7.7.2 due to a security fix

Like
Davin Studer
Davin Studer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 24, 2021

Woah!!! Good to know. Thanks for posting.

Like
Bill Bailey
Bill Bailey
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 24, 2021

Thanks for running this to ground. We haven't moved to 7 yet (held back by plugin changes), so good to know as this will bite me in the rear later on. ;-)

Like
Davin Studer
Davin Studer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 15, 2022

This just bit me when I upgraded our non-prod Confluence. I totally forgot about this ... which I apparently commented on a year ago. I've done a bit of testing and the html at the end of the variable can be any casing. So these all work.

  • html
  • hTmL
  • Html
  • HTML
  • HtMl
  • HtML
  • etc.

Also, any variables just named html/HTML/HtML/etc work. I think I may add a disclaimer about this in m Enhanced User Macro Editor app.

Like
Harry Knott
Harry Knott October 24, 2023

Thanks - this was a very quick fix to something that's been bugging me since a recent upgrade knackered the formatting on some of our macros...

Like
Reply
0 votes
Bill Bailey
Bill Bailey
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 19, 2021

Did the render options for the user macro somehow change, so that the output is not rendered?

View More Comments
Joel Pearson
Joel Pearson
Contributor
February 19, 2021

Are you talking about "Macro Body Processing"? This macro is configured with "No macro body", as the macro doesn't use a body. Regardless I tried all the options, and it didn't make any difference.

Like
Reply
0 votes
Gonchik Tsymzhitov
Gonchik Tsymzhitov
Community Champion
February 18, 2021

Could you try like this?

#set(${output}="<b>Bold Test from var</b>")
${output}

View More Comments
Joel Pearson
Joel Pearson
Contributor
February 19, 2021

Makes no difference.

Like
Joel Pearson
Joel Pearson
Contributor
February 19, 2021

It looks like "#set(${var}" is not valid only "#set($var" works.

By works, I mean valid velocity template, not works as in solves my problem. 

EDIT: clarity.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security