-
Suggestion
-
Resolution: Answered
-
None
-
Tomcat 5.5/ jdk 1.5
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
A new version of the html macro that is secure.
The html macro is very useful for introducing complex text formatting but also introduces a serious security risk.
There is a developer plug in called "html plug-in" that claims to be secure by only allowing white-listed html tags and attributes. However, due to a bug, it is incompatible with the Rich Text Editor. RTE will strip all the html tags from the content.
I think a secure html macro would really enhance the product.
- relates to
-
- Closed
- was split into
-
CONFSERVER-39825 Quartz scheduled jobs can stop running until restart
-
- Closed
-
- mentioned in
-
Page Failed to load
[CONFSERVER-7629] A secure html macro
Andrew Fuchs
added a comment - We want to use this macro to present large numbers of existing HTML pages (generated from our documentation build process from DocBook) on Confluence pages. We may not be able to do this unless there is a plan to fix this security issue. Is there any thought of scheduling this work? It is a major problem for us.
Andrew Fuchs
added a comment - We want to use this macro to present large numbers of existing HTML pages (generated from our documentation build process from DocBook) on Confluence pages. We may not be able to do this unless there is a plan to fix this security issue. Is there any thought of scheduling this work? It is a major problem for us. 
Thank you for raising this issue. While we can see how this feature would be useful, we have no plans to implement it in the foreseeable future. In order to set expectations, we're closing this request now.
Thanks again for your idea.
Bill Arconati,
Confluence Group Product Manager