Skip to end of banner
Go to start of banner

HTML macro - Cloud

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 22 Next »

Removal notice

Please note that the URL user and URL user password parameters were removed (see Deprecation notice: URL user and URL user password parameters). We recommend using profiles to access external data.

Features

  • Supports capabilities for including data similar to other scripting macros.
  • Supports find and replace for adjusting resulting output.
  • Allows administrators to restrict the usage of Javascript in the HTML macro (based on Allow JavaScript in Configuration settings). The Confluence page throws a rendering error if this parameter is not enabled, and Javascript is inserted while using the macro.


Parameters

Macro editor labelDefaultDescriptionMacro parameter
Formathtml

Specify how the output is treated. The options are as follows:

  • html - data is entered as standard HTML directly in the macro body
  • xhtml - data is treated as XHTML and rendered with the Confluence XHTML renderer prior to display
  • wiki - data is surrounded by a noformat macro. This is a very special case.

Profile

Enter the profile name to be transformed. Refer to this link to know more about profiles. Contact your Confluence administrator for further information about the profiles available in your instance.

profile name
Location of HTML datamacro body

Enter the location of data. If specified, the included data follows the body data (if any).

  • #http... - Data is read from URL. May require the user and password parameters as well.
  • ^attachment - Data is read from an attachment to the current page.
  • page^attachment - Data is read from an attachment to the page name provided.
  • space:page^attachment - Data is read from an attachment to the page name provided in the space indicated.
script
Find regex patterns

Enter a comma separated list of regex patterns to use to post-process the output HTML with find and replace logic. Example: (href=)(/display)

find
Replacement strings

Enter a comma separated list corresponding to find patterns via index position in list. If a comma is a part of an entry, use single quotes around it. Example: $1$base_url$2

replace
File encodingsystem defaultSpecify the encoding for an external file, if different from the system default handling. Example: UTF-8.encoding
Timeout in milliseconds
Enter time in milliseconds such that URL connections do not timeout before getting data. Use this to increase time needed for slow connections. Note that if a zero is given the connection may wait infinitely.timeout
User id for URL connection (Removed)

Enter the user name for URL access via basic authentication.

Removal notice

Please note that the URL user and URL user password parameters were removed (see Deprecation notice: URL user and URL user password parameters). We recommend using profiles to access external data.

user
Password for URL connection (Removed)

Enter the password for URL access via basic authentication. 

Removal notice

Please note that the URL user and URL user password parameters were removed (see Deprecation notice: URL user and URL user password parameters). We recommend using profiles to access external data.

password
Height of rendered contentauto calculated

Enter the minimum height (in px or em) to be used for the rendered content.

If you do not specify, the height is auto-rendered according to the HTML content.
If you specify the height, the HTML content fits within the specified height. If the content exceeds the specified height, a scroll bar is displayed that allows you to scroll through the content.

Example: 500px or 1.5em 

height
Allow same originOff

Enable the page viewing user to execute scripts to access cookies and Confluence APIs based on the app's Macro security configuration

If the Allow JavaScript global configuration is enabled, the page viewing user can execute scripts to access cookies and Confluence APIs. Please verify that appropriate macro security options and equivalent page restrictions are set for this user/page/app.


Allow script executionOff

Enable to allow scripts to be executed based on the app's Macro security configuration

If the Allow JavaScript global configuration is enabled, execution of scripts in the HTML macro is always allowed regardless of the Allow script execution parameter status. Please verify that appropriate macro security options and equivalent page restrictions are set for this user/page/app.


Macro security and macro parameter settings

This section explores how the script global setting along with the parameter settings (Allow same origin and Allow script execution) affects the content in the macro. To learn more about the macro security configurations, see the Configuration page.

The following table explains this co-relation:

Global configuration - Allow JavaScript parameter is enabled?Global configuration - Macro security is provided?Page restrictions given?

Macro parameters setting

How is the HTML content affected?
Allow same originAllow script execution
YesNANANANAWorks as expected. If this global configuration parameter is enabled, it overrides any other settings. This is the default behaviour.
NoNot defined or none are appliedNA


OffOffWorks as expected.
OffOnDisplays a warning message to apply macro security parameter/space/user/group restrictions and have similar page level restrictions to proceed.
OnOff
OnOn

Displays a warning message to apply macro security parameter/space/user/group restrictions and have similar page level restrictions to proceed.

Defined (either Parameter name is given or trusted space/user/group is given)Same as macro security restrictionsOffOff

Works as expected. Scripts are not executed and no warnings are displayed.

NA

OffOnDisplays a warning message to apply macro security parameter/space/user/group restrictions and have similar page level restrictions to proceed.
OnOff

Same as macro security restrictions

OnOn

Works as expected. Macro security parameter/space/user/group restrictions must be applied and similar page level restrictions set to render content.

Points to remember

  • If the global app configuration Allow JavaScript parameter is enabled, it overrides any settings made to the Allow script execution or Allow same origin parameters. This is the default behaviour. This ensures that scripts are executed and content is rendered.
  • If macro security restrictions are set, the pages which have the HTML macro must have the same space/user/group restrictions to render the content. If not done, a warning message is displayed to apply these restrictions to proceed.
  • Warning messages are displayed if restricted user/group tries to access a trusted space and the content is not rendered.

Examples

The following examples show how you can use the macro to render HTML content:

  • HTML from an attachment

    {html:script=^example.html}
    {html}
    
  • HTML from an URL

    {html:script=#http://localhost/example.html}
    {html}
    
  • Use of CSS inline style sheet

    {html}
    <P style="font-size: x-large; color: #8000">
       Using inline style sheets - or is that inline styles?
    </p>
    {html}
    


  • No labels