Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Summary

A couple of years ago, Confluence implemented more security controls to enable Administrators administrators to restrict some content and support support anti-XSS measures measures. SQL for Confluence app supported these measures and provided the ability to control what is allowed.

Details

If your site administrator has enabled anti-XSS support in Confluence global security settings, then some SQL queries with HTML content may not display as desired. Normally, it is easiest to construct queries that use Wiki output for advanced features like linking and other Confluence features. However, if you need to use HTML (output=html) then , you need to consider how to enable that. For instance, an HTML link like <a href=http://google.com>google</a> map not display as a link. There are 2 primary ways to enable this:

  1. Globally: Administrator goes into the SQL app's Global configuration section to globally Global configuration section to globally disable anti-XSS support for HTML content produced by the SQL macros. 
  2. On specific macro: Use CMSP and authorize the usage of the disableAntiXss parameter for trusted users.