Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-868

Inline HTML Macro

XMLWordPrintable

    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      {html}
      <p>I <b>like</b> fish!</p>{html}

      Disabled by default for security reasons (Cross-site scripting)

            [CONFSERVER-868] Inline HTML Macro

            Charles Miller (Inactive) added a comment -
            • Disabled by default: users will have to uncomment it in wikiSubsystemContext.xml
            • Warning 1: Untrusted users may use HTML to do nasty things, including cookie/password theft.
            • Warning 2: Anything in an {html}

              macro that is not valid XML will cause page export to die messily.

            • Warning 3: May be slightly unreliable if backslashes are involved, since the escaping of backslashed content (necessarily) happens before the macro is invoked, and can't be easily reversed.

            Charles Miller (Inactive) added a comment - Disabled by default: users will have to uncomment it in wikiSubsystemContext.xml Warning 1: Untrusted users may use HTML to do nasty things, including cookie/password theft. Warning 2: Anything in an {html} macro that is not valid XML will cause page export to die messily. Warning 3: May be slightly unreliable if backslashes are involved, since the escaping of backslashed content (necessarily) happens before the macro is invoked, and can't be easily reversed.

              Unassigned Unassigned
              cmiller@atlassian.com Charles Miller (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: