Availability

Skip to end of metadata
Go to start of metadata

Description

This add-on provides macros for including HTML and XSLT content on Confluence pages. Make sure you understand the Security section before installing!

Features

  1. HTML content
  2. XSLT content - created by transforming XML into HTML, XHTML, or wiki markup via XSLT scripting
  3. Find and replace support to make on the fly repairs
  4. Macros can be secured for use by trusted users by using Macro Security for Confluence
  5. JTidy support - allows malformed html to can be cleaned up so it displays properly
  6. Access source from macro body, attachments, global or space templates, file system, or URL

Requirements

  1. Ensure that the Atlassian provided html macro is disabled.

 

This plugin is NOT the same as the Atlassian provided Confluence HTML Macros

Atlassian bundles Confluence HTML Macros with Confluence, but they are shipped disabled because of security concerns. They should only be used on internal sites where ALL users are trusted.

The advantage of this add-on is that macros provided are enabled for Macro Security for Confluence and therefore can be used on more secure sites. Configure Macro Security for Confluence so only administrators and other trusted users are allowed to use.

Security

HTML and XSLT provide opportunities for untrusted users to do bad things if they have the ability to create or edit pages or comments or provide other content referenced by these macros. If you do not have a completely trusted environment, you MUST implement and configure Macro Security for Confluence to restrict use of these macros! We recommend restricting access to confluence-adminstrators only.

Related Add-ons

Macro Security for Confluence

  • Secure use to trusted users

More Information

Marketplace

  • Downloads
  • Compatibility
  • Pricing

User's Guide

Gallery

  • No labels

9 Comments

  1. Hi Bob,

    The problem which we are facing is that while using the html macro in any page of confluence
    using this description - " {html}<a href="http://www.google.de">google</a>{html}", we are getting below error -

    html: Security restricted macro is not allowed on this page. A page edit restriction is required that matches the macro authorization list.
    <a href="http://www.google.de">google</a>

    We are using your plugin and it is enable.The confluence default system html plugin is enable. should we disable the system html plugin?

    kindly suggest how to overcome from this error?

    Regards,

    Manish

     

     

    1. The error is the result of having Macro Security for Confluence enabled (a good thing (smile)) on your installation and html macro usage that violates the security policy. The page the macro is used on must be edit restricted to groups authorized to use the html macro by the administrator.

      Not related to the error, but you should disable the System provided html plugin - it is not a secure macro and you don't want it conflicting with the secured macro.

      1. Hi Bob,

        Thanks for response.

        I tried to do this and it worked but if there is already edit restriction applied by the user on that page then it will breach the page edit funcionality of confluence because all users who are the members of group (authorized to use the html macro) can also edit that page.

        Kindly suggest any other workaround for it.

        Regards,

        Manish

        1. This cannot be done directly. Please open an issue to allow an individual user page restriction for a member of an authorized group. However a similar result can normally be accomplished for page fragments by isolating the html (or similar) content to a separate page and including it on the other page which can have a simple, individual page edit restriction. Thus only the html specific content is editable by the group. Another alternative is to define a more specific group (more limited access) and add that group to the list of groups authorized to use html.

  2. Hi Bob,

    I disabled the system provided html plugin last weekend and found no change in error, and then i re-enabled the system provided html plugin

    & it started working perfectly fine and error message disappears.

    Thanks for your help.

    Best,

    Manish

     

    1. Yes, but that means you have now enabled the unprotected html macro. Last macro enabled wins.

  3. Hi Bob,

     

    This partly "damaged" out Confluence - a colleage of mine installed it via the Admin part of Confluence, and instantly removed it, but now all pages where the "html" macro is used is displaying a red "" Unknown macro: 'html'

    My best guess is that because the same macro name is used as in the "Confluence HTML Macros", the reference is now dead.

    I have tried to disable/reenable the HTML module of "Confluence HTML Macros" with no luck.

    How can the reference be reestablished, and isn't is not good that the macro's have same name..

     

    BR,

     

    Normann

    1. Re-enabling the HTML macro from the Confluence macros should be enough. Its a Confluence bug otherwise. I would suggest you enable it and then restart the server and if that doesn't do it, open a support ticket with Confluence.

  4. I just installed this add-on and added an HTML script statement that links to a gliffy diagram. 

    <script src="http://www.gliffy.com/diagramEmbed.js" type="text/javascript"> </script><script type="text/javascript"> gliffy_did = "MyIdHere"; embedGliffy(); </script>

    The JS isn't fully working (hyperlinks in the diagram aren't live), which I'll continue researching,  but my main problem is that, whenever I click Edit to edit the page, all I see is my gliffy diagram. No code, no text, just the diagram. I have to right-click Edit and open it in a new window or tab to actually see the entire page contents. Any ideas? (I had the same problem with the vanilla HTML plugin, which I have now disabled.)