Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Warning
titleRemoval notice

Please note that the URL user and URL user password parameters were removed (see Deprecation notice: URL user and URL user password parameters). We recommend using profiles to access external data.

...

The configuration settings are categorized into three tabs:

Anchor
HTML_Cld_GlobalConfig
HTML_Cld_GlobalConfig
Global Configuration

...

ParameterDescription
Anchor
HTML_Cld_GlobalConfig_RestrictURL
HTML_Cld_GlobalConfig_RestrictURL
Restrict URL access

This parameter controls whether or not the URL parameter on the HTML for Confluence macro must conform to the allowlisted URLs. Administrators can turn on the Allowlist to restrict access to URLs configured in the Allowlist settings

If enabled, the URL parameter in the app is restricted to only the URLs available in the Allowlist tab.

Enable strict allowlist

This option will apply the URL Allowlist to all content in the HTML content. Note that this feature disables any nested iframes and does not support allowlist entries with regular expressions.

Note

The Allowlist is shared between Appfire and/or Bob Swift applications. 


Allow JavaScript

This option controls the usage of Javascript in the HTML macro. When enabled, the user can use Javascript in the HTML and vice versa.

Help us improve the productEnabling this option reports usage data that helps us improve the app continually. The app does not send any private user data or personally identifiable information. To learn more about what is being sent, refer to Analytics data.

Anchor
HTML_Cld_Whitelist
HTML_Cld_Whitelist
Allowlist

Manage the URLs that the app can access from this page. If the Restrict URL access option is enabled, the app is restricted to allow the specified URLs only.

...

  • Click  to edit the profile details.
  • Click  to remove the profile.
  • Click Save profile to create the profile.

Anchor
htmlCld_config_macroSec
htmlCld_config_macroSec
Macro security

Administrators can define how they want to restrict the usage of macros and macro parameters using macro security. These restrictions are applied through a combination of app configuration (macro security), macro parameters and page restrictions.

Image Added

Click Add restriction to specify the trusted users, user groups and/or spaces that can access the HTML macro.

Image Added

Provide the following parameters to grant access:

ParameterDescription
Restrict access
MacroSpecify the macro for which access is to be restricted. This field is mandatory. Currently, this feature is available only for the HTML macro.
Parameter name

Specify the parameter to be restricted. This field is mandatory. The parameters available with the HTML macro are:

  • Allow same origin
  • Allow script execution

For more information about the parameters, read the macro guide here.

Parameter valueThis parameter is not applicable for the HTML macro.
Trusted access
Spaces

Enter the space key where the macro can safely be accessed. You can add multiple spaces here.

With this approach, no edit page restrictions are needed. Instead, the Confluence administrator and/or the space administrator must apply the appropriate space-level permissions. This ensures that only trusted users and groups can edit content in the specified space(s).

Users

Enter the users who can access the macro. You can add more user names to the trusted users list.

Administrators are recommended to add appropriate edit page restrictions to match the configuration given on this screen.

Groups

Enter the user group who can access the macro. You can add multiple user groups here. 

Administrators are recommended to add appropriate edit page restrictions to match the configuration given on this screen.

Read How macro security works to learn how macro security allows you, as an administrator, to implement relevant granular control over your content.

You can perform the following actions on this page:

  • Click Image Added to edit the details.
  • Click Image Added to remove the restriction(s).