Versions Compared

Old Version 3

changes.mady.by.user Bob Swift

Saved on

compared with

New Version Current

changes.mady.by.user Betsy Walker

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Release Content

  1. Support anti-XSS - respects the Confluence global security setting for Anti-XSS
  2. Updated for specific Confluence 3.1+ support
Warning
titleIncompatibilities due to anti-XSS support

If your site administrator has enabled anti-XSS support in Confluence global security settings, upgrading to this release may cause some sql queries to not display as before. Only those sql tables that use output=html and have html content could be affected. For instance, an html link like <a href=http://google.com>google</a> will no longer be display as a link. If this usage is important for some of your site pages, you can use Confluence Macro Security Plugin CMSP and authorize usage of the disableAntiXss parameter to return to previous support but only for content controlled by trusted users.

Tip
titleRelease 4.2.0 has a config option to disable anti-XSS

See SQL-116. This provides administrators an option to globally disable anti-XSS support for HTML content produced by the SQL macro. This may be convenient where SQL macro use is already controlled by Macro Security for instance.

Resolved Issues

...

.

...