How do I enable HTML Macro?

Phil Rzewski January 18, 2017

This question is in reference to Atlassian Documentation: HTML Macro

I am the Admin for our site, and I went looking for this macro per the "Enabling the HTML Macro" instructions and could not find it. Is it no longer available?

3 answers

1 accepted

3 votes
Answer accepted
Tim
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 18, 2017

Hi Phil,

The HTML macro that was available for server isn't available on cloud.

However we've built a secure HTML macro as part of the Macro for Toolbox Cloud add-on which will let you embed HTML content into a page. Hope that helps!

Phil Rzewski January 18, 2017

@Tim Clipsham,

Thanks for the pointer. What exactly makes your macro secure in a way that the unavailable Confluence one isn't?
 

Tim
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 18, 2017

No worries. The original server macro embeds the content directly into the page itself but our add-on sandboxes your content inside an iframe. We have some more specifics under "Security" in our documentation.

timclipsham September 20, 2018

Update: Our documentation has moved here: https://docs.goodsoftware.co/macro-toolbox (I can't edit my prior post).

Like joseph.cook likes this
Nar Kumar C_ - Narva Software
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
April 7, 2020

FYI company behind Macro Toolbox was acquired by Atlassian and they decided to discontinue this app. 

As alternative option, you can use our app HTML Macro for Confluence

available in Marketplace.

1 vote
Robert Massaioli _Atlassian_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 18, 2017

Original answer (for posterity):

For security reasons, the built-in HTML macro is not allowed to be enabled on Atlassian Cloud instances. This is a good thing because it makes your Atlassian Cloud Confluence safer.

However, that does not mean that you can't have a HTML Macro. Instead, to get a HTML Macro back you merely install an add-on from the marketplace that will provide it for you.

Here is one for example: https://marketplace.atlassian.com/plugins/biz.artemissoftware.confluence.html.HtmlMacro/cloud/overview

Jan 2022 Update:

For everybody coming here in 2022 and beyond, have you considered using the Forge Platform (and Custom UI) to inject your custom HTML as an App in Jira or Confluence cloud. Like Server, and the HTML Macro, you won't have to host it yourself and it is very secure too; Forge was built with security and trust as first principles. It also is zero cost (other than the effort that it takes you to write the HTML and the Forge App). I highly recommend giving it a try if you are looking for a free solution to this problem OR you are looking for high levels of customisability.

Lisandro Casanova August 29, 2018

Well I don't understand something, What makes it safer? Pay for it?

Like # people like this
Robert Massaioli _Atlassian_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 29, 2018

It is not that you have to pay for it that makes it safe. The problem with the HTML Macro, as it exists in Confluence Server, is that a malicious user could inject any arbitrary HTML you like into the page and perform any action that you like. That is why we block the HTML macro in our Cloud products. This is an acceptable tradeoff for Server because many Server and Data Center customers that are heavily data privacy conscious will put their server instance in a VPN.

The Atlassian App framework uses iframes, scopes and other mechanisms to block what a 3rd party app can, and cannot, do. This significantly restricts the surface area of harm that injecting arbitrary HTML can cause. So it is the fact that these HTML macros are implemented as Atlassian Apps at all than make them more secure.

Also, our App developers could put in even more safeguards again.

In short, Apps are pretty cool and we invest in making them secure. I hope that answers the question?

Andrea Bocchetti September 20, 2018

That's not solution. The solution is add the html/css and sanitize all inputs.

Like # people like this
Robert Massaioli _Atlassian_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 19, 2022

I have updated the answer to include Forge as a potential solution to this problem. It can achieve more than the level of customisability that people are looking for.

0 votes
Joseph Saade January 18, 2022

It seems the solution is to pay for it and it becomes "Safer".  Embedding html should come out of the box. Paying subscription fee for such a feature seems bad enough to walk away from confluence into a platform that does not want to squeeze money out of subscribers.

Robert Massaioli _Atlassian_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 19, 2022

Have you considered using the Forge Platform (and Custom UI) to inject your custom HTML as an App in Jira or Confluence cloud. Like Server, and the HTML Macro, you won't have to host it yourself and it is very secure too. It also is zero cost (other than the effort that it takes you to write the HTML and the Forge App).

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events