Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

title
Warning

Removal notice:

Please note that the URL user and URL user password parameters were removed (see Deprecation notice: URL user and URL user password parameters). We recommend using profiles

 to

 to access external data.

Table of Contents
minLevel2
maxLevel6
outlinefalse
styledefault
typelist
printabletrue

After migrating or  or installing HTML for Confluence, navigate to the Global Configuration screen:

  1. Log in as a System Administrator with global permission.

  2. Navigate to Image Modified > Settings > Atlassian Marketplace on the sidebar.

  3. Click HTML Configuration

...

  1.  to manage the app configuration.

The configuration settings are categorized into three the following tabs:

Anchor
HTML_Cld_GlobalConfig
HTML_Cld_GlobalConfig
Global

...

Configuration

Use the toggle to enable or disable the Global Configuration settings.Image Removed

...

Parameter

Description

Anchor
HTML_Cld_GlobalConfig_RestrictURL
HTML_Cld_GlobalConfig_RestrictURL
Restrict URL access

This parameter controls whether or not the URL parameter on the HTML for Confluence macro must conform to the allowlisted URLs. Administrators can turn on the Allowlist to restrict access to URLs configured in the Allowlist settings

If enabled, the URL parameter in the app is restricted to only the URLs available in

the 

the Allowlist

 tab

 tab.

Enable strict allowlist

This option

allows you to restrict

will apply the URL Allowlist to all content in the HTML content

to only the URLs available in the Allowlist tab. This new option And it is applicable to indirectly referenced content such as images and nested iframes that is not covered by the existing allowlist configuration.

If enabled, the HTML content is restricted to only the URLs available in the Allowlist tab.

StatuscolourGreytitleNote The

. Note that this feature disables any nested iframes and does not support allowlist entries with regular expressions.

Note

The Allowlist is shared between Appfire and/or Bob Swift applications.

This feature does not support Allowlist entries with Regular Expressions.

 

Allow JavaScript

This option controls the usage of Javascript in the HTML macro. When enabled, the user can use Javascript in the HTML and vice versa.

Help us improve the product

Enabling this option reports usage data that helps us improve the app continually. The app does not send any private user data or personally identifiable information. To learn more about what is being sent, refer to Analytics data.

Anchor
HTML_Cld_Whitelist
HTML_Cld_Whitelist
Allowlist

Manage the URLs that the app can access from this page. If the Restrict URL access option is enabled, the the app is restricted to allow the specified URLs only.Image Removed

...

Parameter

Description

Expression

Enter a URL or an expression here.

Type

Select a type from the following list:

  • Domain name - allows URLs of a specific domain. Example: https://www.example.com/

.
  • Exact match - allows only the specified URL. Example: https://www.example.com/thispage

.
  • Wildcard expression - allows all matching URLs. Use * as a wildcard character to replace one or more characters. Example:

 https
  •  https://*example.com

.
  • Regular expression - allows all URLs matching the specified regular expression. Example:

 http
  •  http(s)?://www\.example\.com

.
link

You can perform the following actions on this page:

  • Add the URL after specifying the Expression and Type.

  • Update after modifying the details. Select the Expression to enable editing of the URL.

  • Delete to remove the URL.

  • Save after adding or modifying any URL in the list.

Anchor
HTML_Cld_Profiles
HTML_Cld_Profiles
Profiles

Profiles consist of a common set of parameters that allow users to choose a profile in the macros. Some advantages of using profiles are:

  • Profiles allow user authentication required by some URLs to be hidden from page viewers and editors. Only Confluence administrators have access to this information.

  • Enables macro editors to quickly configure the macro by reusing a shared definition for URL access. 

  • Relative addressing can be used making the page content less likely to require changes when base URLs are relocated. 

    • Macro configured URL (that is not a full URL) is appended to the profile provided URL.

...

The page displays a list of profiles available for the macros. Click Add Profile to open a pop-up window as:Image Removed

...

Parameter

Description

Profile name

Enter a name for the profile.

Profile type

Displays URL as selected, by default. 

URL

Enter the URL to be accessed.

User; Password

Enter the user name and password to access the specified URL.

Access token

Enter the access token to access the specified URL, if needed. Administrators must generate the access tokens from applications, if required, and enter that here.

URL parameters

Mention any extra parameters that must be appended to the URL here. 

Request headers

Displays the request header(s) created as per the given information.

You can perform the following actions on this page:

  • Click 

  • Image Removed to
  • (blue star)  to edit the profile details.

  • Click Image Modified to remove the profile.

  • Click Save profile to create the profile.

Anchor
htmlCld_config_macroSec
htmlCld_config_macroSec
Macro security

Administrators can define how they want to restrict the usage of macros and macro parameters using macro security. These restrictions are applied through a combination of app configuration (macro security), macro parameters and page restrictions.

...

Click Add restriction to specify the trusted users, user groups and/or spaces that can access the HTML macro.

...

Provide the following parameters to grant access:

Parameter

Description

Restrict access

Macro

Specify the macro for which access is to be restricted. This field is mandatory. Currently, this feature is available only for the HTML macro.

Parameter name

Specify the parameter to be restricted. This field is mandatory. The parameters available with the HTML macro are:

  • Allow same origin

  • Allow script execution

For more information about the parameters, read the macro guide here.

Parameter value

This parameter is not applicable for the HTML macro.

Trusted access

Spaces

Enter the space key where the macro can safely be accessed. You can add multiple spaces here.

With this approach, no edit page restrictions are needed. Instead, the Confluence administrator and/or the space administrator must apply the appropriate space-level permissions. This ensures that only trusted users and groups can edit content in the specified space(s).

Users

Enter the users who can access the macro. You can add more user names to the trusted users list.

Administrators are recommended to add appropriate edit page restrictions to match the configuration given on this screen.

Groups

Enter the user group who can access the macro. You can add multiple user groups here. 

Administrators are recommended to add appropriate edit page restrictions to match the configuration given on this screen.

Read How macro security works to learn how macro security allows you, as an administrator, to implement relevant granular control over your content.

You can perform the following actions on this page:

  • Click (blue star) to edit the details.

  • Click Image Added to remove the restriction(s).

Additional references