Release Content
- Support anti-XSS - respects the Confluence global security setting for Anti-XSS
- Updated for specific Confluence 3.1+ support
Incompatibilities due to anti-XSS support
If your site administrator has enabled anti-XSS support in Confluence global security settings, upgrading to this release may cause some sql queries to not display as before. Only those sql tables that use output=html and have html content could be affected. For instance, an html link like <a href=http://google.com>google</a> will no longer be display as a link. If this usage is important for some of your site pages, you can use Macro Security for Confluence and authorize usage of the disableAntiXss parameter to return to previous support but only for content controlled by trusted users.
Release 4.2.0 has a config option to disable anti-XSS
See SQL-116. This provides administrators an option to globally disable anti-XSS support for HTML content produced by the SQL macro. This may be convenient where SQL macro use is already controlled by Macro Security for instance.