Use HTML in Queries - 10.x

Summary

A couple of years ago, Confluence implemented more security controls to enable administrators to restrict some content and support anti-XSS measures. SQL for Confluence app supported these measures and provided the ability to control what is allowed.

Details

If your site administrator has enabled anti-XSS support in Confluence global security settings, then some SQL queries with HTML content may not display as desired. Normally, it is easiest to construct queries that use wiki output for advanced features like linking and other Confluence features. However, if you need to use HTML (output=html), you need to consider how to enable that. For instance, an HTML link like <a href=http://google.com/>google</a> map not display as a link.

There are two primary ways to enable this:

  1. Globally: Administrator goes into the SQL app's Global configuration section to globally disable anti-XSS support for HTML content produced by the SQL macros. 
  2. On specific macro: Use Macro Security for Confluence and authorize the usage of the disableAntiXss parameter for trusted users.