Versions Compared

Old Version 3

changes.mady.by.user Smita Nair

Saved on

compared with

New Version Current

changes.mady.by.user Smita Nair

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Modified contents as per style guide

...

...

...

Table of Contents
maxlevel2
minlevel2
typeflat
separatorpipe

Features

Supports security restrictions as described in CMSP.
Section
Column
Warning

Removal notice:

Please note that the URL user and URL user password parameters were removed (see Deprecation notice: URL user and URL user password parameters). We recommend using profiles to access external data.

Table of Contents
minLevel2
maxLevel6
outlinefalse
styledefault
typelist
printabletrue

Features

  • Supports capabilities for including data similar to other scripting macros.

  • Supports find and replace for adjusting resulting output.

  • Allows

...

  • administrators to restrict the usage of Javascript in the HTML macro (based

...

  • on Allow JavaScript in Configuration settings). The Confluence page throws a rendering error if this parameter is not enabled, and

...

  • Javascript is inserted while using the macro.

Other HTML macros

Tip

By default, header content is excluded as it could interfere with Confluence page HTML. Use head=true to include anyway provided it does not disturb the content.

Parameters

...

Determines how the output is treated.

  • html - standard HTML
  • xhtml - data is treated as XHTML and rendered with the Confluence XHTML renderer prior to display
  • wiki - data is surrounded by a noformat macro. This is a very special case.

...

If the location of data is specified, the included data follows the body data (if any).

...

Parameters

GIF shows how HTML code is entered directly in the macro editor.Image AddedGIF shows how profiles are used with the macro.Image Added


Macro editor label

Default

Description

Data source

Data source


Specify the source of the HTML content to be rendered. The options available are:

  • HTML embed code: Enter HTML code to display content. If this option is selected, a code block section appears where you can enter customized HTML code to be displayed. 

  • URLShow HTML content as referenced with the given URL. If this option is selected, a URL parameter is displayed. Enter the URL of the required source from which the HTML content is to be displayed on the page.

  • Profile: Select a profile to access the required source and display relevant content. Enter the profile name to be transformed. Refer to this link to know more about profiles. Contact your Confluence administrator for further information about the profiles available in your instance.

  • Attachment: Specify the attachment whose content is to be rendered. By default, if selected, Space and Page show the current space and page respectively and you can select an attachment available on this page. The following parameters are shown:

    • Space: Data is read from an attachment to the page name provided in the space indicated.

    • Page: Data is read from an attachment to the page name provided.

...

    • Attachment:

...

    •  Data is read from an attachment to the

...

    • current page.

Note

Once you specify the data source, click anywhere to see the Preview.

Layout

Height of iframe (in px)


Enter the minimum height (in px or em) to be used for the rendered content.

If you do not specify, the height is auto-rendered according to the HTML content.
If you specify the height, the HTML content fits within the specified height. If the content exceeds the specified height, a scroll bar is displayed that allows you to scroll through the content.

Example: 500px or 1.5em 

Anchor
htmlCld150_html_macSecParams
htmlCld150_html_macSecParams

Settings

Format

html

Specify how the output is treated. The options are as follows:

  • html - transformed output is standard HTML

  • xhtml - transformed output is treated as XHTML and rendered with the Confluence XHTML renderer

  • wiki - transformed output is treated as wiki markup and rendered with the Confluence wiki renderer

Find regex patterns

...

Enter a comma separated list of regex patterns to use to post-process the output HTML with find and replace logic.

...

Example: (href=)(/display)

...

Replacement strings

...

Enter a comma separated list corresponding to find patterns via index position in list.

...

If a comma

...

is a part of an entry, use single quotes around it. Example: $1$base_url$2

Timeout in milliseconds

Enter time in milliseconds such that URL connections do not timeout before getting data. Use this to increase time needed for slow connections. Note that if a zero is given the connection may wait infinitely.

File encoding

system default

...

Specify the encoding

...

Usage

Example - HTML from a file in the script folder in the Confluence home directory

No Format
{html:script=#example.html}
{html}

Example - HTML from an attachment

No Format
{html:script=^example.html}
{html}

Example - HTML put within {noformat} panel

No Format
{html:output=wiki|noPanel=true}
Lorem ipsum dolor sit amet, consectetuer adipiscing elit.
Aliquam fermentum vestibulum est. Cras rhoncus.
{html}

Example - HTML from an URL

...

for an external file, if different from the system default handling. Example: UTF-8.

...

User id for URL connection (Removed)


Enter the user name for URL access via basic authentication.

Warning

Removal notice:

Please note that the URL user and URL user password parameters were removed (see Deprecation notice: URL user and URL user password parameters). We recommend using profiles to access external data.

Password for URL connection (Removed)


Enter the password for URL access via basic authentication. 

Warning

Removal notice:

Please note that the URL user and URL user password parameters were removed (see Deprecation notice: URL user and URL user password parameters). We recommend using profiles to access external data.

Allow same origin

Off

Enable the page viewing user to execute scripts to access cookies and Confluence APIs based on the app's Macro security configuration

Info

If the Allow JavaScript global configuration is enabled, the page viewing user can execute scripts to access cookies and Confluence APIs. Please verify that appropriate macro security options and equivalent page restrictions are set for this user/page/app.

Allow script execution

Off

Enable to allow scripts to be executed based on the app's Macro security configuration

Info

If the Allow JavaScript global configuration is enabled, execution of scripts in the HTML macro is always allowed regardless of the Allow script execution parameter status. Please verify that appropriate macro security options and equivalent page restrictions are set for this user/page/app.

Macro security and macro parameter settings

This section explores how the script global setting along with the parameter settings (Allow same origin and Allow script execution) affects the content in the macro. To learn more about the macro security configurations, see the Configuration page.

The following table explains this co-relation:

Global configuration - Allow JavaScript parameter is enabled?

Global configuration - Macro security is provided?

Page restrictions given?

Macro parameters setting

How is the HTML content affected?

Allow same origin

Allow script execution

Yes

NA

NA

NA

NA

Works as expected. If this global configuration parameter is enabled, it overrides any other settings. This is the default behaviour.

No

Not defined or none are applied

NA


Off

Off

Works as expected.

Off

On

Displays a warning message to apply macro security parameter/space/user/group restrictions and have similar page level restrictions to proceed.

On

Off

On

On

Displays a warning message to apply macro security parameter/space/user/group restrictions and have similar page level restrictions to proceed.

Defined (either Parameter name is given or trusted space/user/group is given)

Same as macro security restrictions

Off

Off

Works as expected. Scripts are not executed and no warnings are displayed.

NA

Off

On

Displays a warning message to apply macro security parameter/space/user/group restrictions and have similar page level restrictions to proceed.

On

Off

Same as macro security restrictions

On

On

Works as expected. Macro security parameter/space/user/group restrictions must be applied and similar page level restrictions set to render content.

Points to remember

  • If the global app configuration Allow JavaScript parameter is enabled, it overrides any settings made to the Allow script execution or Allow same origin parameters. This is the default behaviour. This ensures that scripts are executed and content is rendered.

  • If macro security restrictions are set, the pages which have the HTML macro must have the same space/user/group restrictions to render the content. If not done, a warning message is displayed to apply these restrictions to proceed.

  • Warning messages are displayed if restricted user/group tries to access a trusted space and the content is not rendered.

Examples

The following examples show how you can use the macro to render HTML content:

HTML from an attachment

Code Block
{html:script=^example.html}
{html}

HTML from an URL

Code Block
{html:script=#http://localhost/example.html}
{html}

...

Use of CSS inline style sheet

No Formatcode
{html}
<P style="font-size: x-large; color: #8000">
   Using inline style sheets - or is that inline styles?
</p>
{html}

Example - use of CSS external style sheet

No Format
{html}
<LINK href="http://www.cssgarden.com/css/T22/keylime_0001.css"  rel="stylesheet" title="default" type="text/css"></LINK>
<H1>Absolute </H1>
{html}

Info
Make sure that style sheet is available on a server and provide an absolute URL reference to this external style sheet resource.

...