we want to use the Confluence "HTML" Makro, to insert external Content into our Confluence. Of course we can not allow every website to be included in our Confluence because of the danger of Cross Site Scripting.
In the General Configration there is a Whitelist where you can insert websites you want to allow access. This Whitelist is not working together with the HTML Makro - so it doesn't matter what websites we add to the whitelist, it is possible to include every script into the HTML Makro.
Is there a way to connect the HTML Makro with the Whitelist or why are the Whitelist and the HTML Makro not working together.
For us it would be very useful if we can block unauthorized code in the html Makro.
Hi @Felix Janson
Happy new year.
The HTML Macro doesn't rely on the allowlist feature, so the best option is to use the HTML Include.
The possibility of Cross site scripting with the HTML Macro is one of the reasons why it is disabled by default.
Hi Community! We're thrilled to share that Team Calendars for Confluence is now a built-in feature for Confluence Data Center releases 7.11 and beyond. A long time favorite, Team Cale...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events