Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-58337

can you separate whitelist for Shared link in confluence?

XMLWordPrintable

    • 2
    • 1
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Hi Team,

      We have a query regarding Share a link option in confluence.

      Currently we are using confluence 6.15.1
      According to the upgrade notes of 6.15.1, https://confluence.atlassian.com/doc/confluence-6-15-upgrade-notes-965554124.html
      ------------------------
      Upgrade notes

      Changes to the Share a link blueprint

      URLs must be added to Confluence's whitelist before they can be shared using the Share a link blueprint. This is to prevent people from accidentally or maliciously sharing links that may pose a security risk to your site. 
      ------------------------
      As a solution we can disable whitelist but it is recommend not disabling the whitelist by atlassian.

      Reason for not disabling: 
      We have the html-include-macro enabled in our confluence due to the need to include data from other sites in our confluence site. When enabling html-include macro we had to enable whitelistning as it open up for cross-site scripting.

      So my question is :
      Did Shared link functionality has same risk of cross site scripting as html include macro ?
      If your answer is NO, can you separate whitelist for Shared link?

              Unassigned Unassigned
              74671214d367 saptagiri
              Votes:
              19 Vote for this issue
              Watchers:
              16 Start watching this issue

                Created:
                Updated: