Hello,
We want to use the Confluence "HTML" Macro to insert external content into our Confluence. Of course we cannot allow every website to be included in our Confluence because of the danger of cross-site scripting.
In the General Configuration there is a Whitelist where you can insert websites you want to allow access. This Whitelist is not working together with the HTML Macro, so it doesn't matter what websites we add to the whitelist; it is possible to include every script in the HTML Macro.
Is there a way to connect the HTML Macro with the Whitelist, or why are the Whitelist and the HTML Macro not working together?
For us it would be very useful if we could block unauthorized code in the HTML Macro.
Kind Regards
Felix J.
Hi @Felix Janson
Happy new year.
The allowlist feature in Confluence is tied to a few functionalities, including the HTML Include Macro.
The HTML Macro doesn't rely on the allowlist feature, so the best option is to use the HTML Include.
The possibility of cross-site scripting with the HTML Macro is one of the reasons why it is disabled by default.
Kind regards,
Thiago Masutti
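Since the allowlist does not apply to the HTML Macro, a review of existing pages has to look inside the macro bodies themselves. The following is an added example, not part of the thread and not Atlassian code: it flags HTML Macro bodies that load resources from hosts outside an allowlist or that carry inline script. Assumptions: page bodies are available as storage-format XML in which the HTML Macro appears as `ac:structured-macro` with `ac:name="html"`; the function name, sample page and host names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: storage-format markup of the HTML Macro. The closing quote after
# "html" keeps the HTML Include macro ("html-include") out of the match.
HTML_MACRO = re.compile(
    r'<ac:structured-macro\b[^>]*\bac:name="html"[^>]*>(.*?)</ac:structured-macro>',
    re.S)
# Tags that pull in a remote resource, with the URL they reference.
REMOTE_REF = re.compile(
    r'<(script|iframe|link|img)\b[^>]*?\b(?:src|href)\s*=\s*["\']([^"\']+)["\']',
    re.I)
# A <script> tag without a src attribute, i.e. inline code.
INLINE_SCRIPT = re.compile(r'<script\b(?![^>]*\bsrc\s*=)[^>]*>', re.I)


def audit_page(storage_body, allowed_hosts):
    """Return (kind, host) findings for every HTML Macro in one page body."""
    findings = []
    for macro in HTML_MACRO.finditer(storage_body):
        body = macro.group(1)
        for tag, url in REMOTE_REF.findall(body):
            # Relative URLs have no hostname and stay on the Confluence origin.
            host = (urlparse(url).hostname or "").lower()
            if host and host not in allowed_hosts:
                findings.append(("external-" + tag.lower(), host))
        if INLINE_SCRIPT.search(body):
            findings.append(("inline-script", ""))
    return findings


# Constructed sample page: one HTML Macro and one HTML Include macro.
SAMPLE = '''<p>Dashboard</p>
<ac:structured-macro ac:name="html" ac:schema-version="1"><ac:plain-text-body><![CDATA[
<script src="https://widgets.example.net/embed.js"></script>
<iframe src="https://status.example.com/board"></iframe>
<script>document.title = "x";</script>
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="html-include"><ac:parameter ac:name="url">
<ri:url ri:value="https://status.example.com/board"/></ac:parameter></ac:structured-macro>'''
ALLOWED = {"status.example.com"}  # constructed allowlist entry

if __name__ == "__main__":
    for kind, host in audit_page(SAMPLE, ALLOWED):
        print(kind, host)
```

This is a review aid for finding pages to migrate to HTML Include; it does not sanitize or block anything.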