Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
2
-
Description
Hi Team,
We have a query regarding Share a link option in confluence.
Currently we are using confluence 6.15.1
According to the upgrade notes of 6.15.1, https://confluence.atlassian.com/doc/confluence-6-15-upgrade-notes-965554124.html
------------------------
Upgrade notes
Changes to the Share a link blueprint
URLs must be added to Confluence's whitelist before they can be shared using the Share a link blueprint. This is to prevent people from accidentally or maliciously sharing links that may pose a security risk to your site.
------------------------
As a solution we can disable whitelist but it is recommend not disabling the whitelist by atlassian.
Reason for not disabling:
We have the html-include-macro enabled in our confluence due to the need to include data from other sites in our confluence site. When enabling html-include macro we had to enable whitelistning as it open up for cross-site scripting.
So my question is :
Did Shared link functionality has same risk of cross site scripting as html include macro ?
If your answer is NO, can you separate whitelist for Shared link?