Removal notice
Please note that the URL user and URL user password parameters were removed (see Deprecation notice: URL user and URL user password parameters). We recommend using profiles to access external data.
After migrating or installing HTML for Confluence, navigate to the Global Configuration screen:
- Log in as a System Administrator with global permission.
- Navigate to
> Settings > Atlassian Marketplace on the sidebar. - Click HTML Configuration to manage the app configuration.
The configuration settings are categorized into three tabs:
Global Configuration
Use the toggle to enable or disable the Global Configuration settings.
| Parameter | Description |
|---|---|
| Restrict URL access | This parameter controls whether or not the URL parameter on the HTML for Confluence macro must conform to the allowlisted URLs. Administrators can turn on the Allowlist to restrict access to URLs configured in the Allowlist settings. If enabled, the URL parameter in the app is restricted to only the URLs available in the Allowlist tab. |
| Enable strict allowlist | This option will apply the URL Allowlist to all content in the HTML content. Note that this feature disables any nested iframes and does not support allowlist entries with regular expressions. The Allowlist is shared between Appfire and/or Bob Swift applications. |
| Allow JavaScript | This option controls the usage of Javascript in the HTML macro. When enabled, the user can use Javascript in the HTML and vice versa. |
Allowlist
Manage the URLs that the app can access from this page. If the Restrict URL access option is enabled, the app is restricted to allow the specified URLs only.
| Parameter | Description |
|---|---|
| Expression | Enter a URL or an expression here. |
| Type | Select a type from the following list:
|
You can perform the following actions on this page:
- Add the URL after specifying the Expression and Type.
- Update after modifying the details. Select the Expression to enable editing of the URL.
- Delete to remove the URL.
- Save after adding or modifying any URL in the list.
Profiles
Profiles consist of a common set of parameters that allow users to choose a profile in the macros. Some advantages of using profiles are:
- Profiles allow user authentication required by some URLs to be hidden from page viewers and editors. Only Confluence administrators have access to this information.
- Enables macro editors to quickly configure the macro by reusing a shared definition for URL access.
- Relative addressing can be used making the page content less likely to require changes when base URLs are relocated.
- Macro configured URL (that is not a full URL) is appended to the profile provided URL.
The page displays a list of profiles available for the macros. Click Add Profile to open a pop-up window as:
| Parameter | Description |
|---|---|
| Profile name | Enter a name for the profile. |
| Profile type | Displays URL as selected, by default. |
| URL | Enter the URL to be accessed. |
| User; Password | Enter the user name and password to access the specified URL. |
| Access token | Enter the access token to access the specified URL, if needed. Administrators must generate the access tokens from applications, if required, and enter that here. |
| URL parameters | Mention any extra parameters that must be appended to the URL here. |
| Request headers | Displays the request header(s) created as per the given information. |
You can perform the following actions on this page:
- Click
to edit the profile details. - Click
to remove the profile. - Click Save profile to create the profile.
Macro security
Administrators can define how they want to restrict the usage of macros and macro parameters using macro security. These restrictions are applied through a combination of app configuration (macro security), macro parameters and page restrictions.
Click Add restriction to specify the trusted users, user groups and/or spaces that can access the HTML macro.
Provide the following parameters to grant access:
| Parameter | Description |
|---|---|
| Restrict access | |
| Macro | Specify the macro for which access is to be restricted. This field is mandatory. Currently, this feature is available only for the HTML macro. |
| Parameter name | Specify the parameter to be restricted. This field is mandatory. The parameters available with the HTML macro are:
For more information about the parameters, read the macro guide here. |
| Parameter value | This parameter is not applicable for the HTML macro. |
| Trusted access | |
| Spaces | Enter the space key where the macro can safely be accessed. You can add multiple spaces here. With this approach, no edit page restrictions are needed. Instead, the Confluence administrator and/or the space administrator must apply the appropriate space-level permissions. This ensures that only trusted users and groups can edit content in the specified space(s). |
| Users | Enter the users who can access the macro. You can add more user names to the trusted users list. Administrators are recommended to add appropriate edit page restrictions to match the configuration given on this screen. |
| Groups | Enter the user group who can access the macro. You can add multiple user groups here. Administrators are recommended to add appropriate edit page restrictions to match the configuration given on this screen. |
Read How macro security works to learn how macro security allows you, as an administrator, to implement relevant granular control over your content.
You can perform the following actions on this page:
- Click to edit the details.
- Click to remove the restriction(s).
