
(warning) Including content from other websites on Confluence pages is a security risk. Use this macro only if you trust all your users.

Configuration page

From version 1.4.2, we've added functionality to improve the security of this macro. It gives the administrator control over which URLs are accessible, via whitelisting, and over excluding scripts from the source code. For more information, please refer to Configuration page - Security Enhancement.

Drivers for development

The Confluence HTML Macros include {html-include}, which is a neat way of pulling arbitrary content into Confluence. In my case, I have a sister Twiki that can't be imported into Confluence due to its dynamic data. The Atlassian plugin doesn't take account of relative URLs:

| Example | Renders in Confluence as | Result |
| --- | --- | --- |
| href="someplace/somefile.gif" | href="http://confluencePAGE_URL/someplace/somefile.gif" | (error) |
| location="../../someplace/somefile.gif" | href="http://confluencePAGE_URL/../../someplace/somefile.gif" | (error) |
| href="/someplace/somefile.gif" | href="http://confluenceSERVER_URL/someplace/somefile.gif" | (error) |
| An ajaxy/GWT application | | (error) |


Info: Attempting to get code adopted

This plugin was a response to CONF-6567 and the low vote count it had. I'm currently attempting to get it adopted by Atlassian, as it would be even better if this could take advantage of the 2.9.2+ site whitelisting features in the Atlassian macro, which is probably not possible at present.

...

No Format
{html-include-replace:url=http://someplace/possiblysomedir/somefile.html|container=iframe|width=400|height=400}


| Options | Example Value | Description |
| --- | --- | --- |
| replace1 | replace1=badtag | e.g. 'replace' with unique (replacement) number suffixes (subject of a future refactor, I'm sure). Causes the whole of the 'badtag' to be removed, including its closing badtag; necessary if a given tag causes jtidy parse problems. |
| engine | jtidy | Optional parameter that enables different cleanup engines to be selected. The default is Atlassian Fast Page Parser; other options include 'jtidy' and 'neko'. |
| includeStyles | true | Styles (.css) referenced via href= attributes are dynamically loaded into the page from the source server. (warning) There IS a very real risk of collisions with Confluence CSS names; the styling of Confluence may be adversely affected. |
| includeScripts | true | Scripts (.js) referenced via href= attributes are dynamically loaded into the page from the source server. (warning) There IS a very real risk of XSS attacks. (warning) There IS a very real risk of JavaScript collisions, possibly causing Confluence to behave improperly (an older version of a common library being loaded, for example). |
| container | none\|div\|iframe | Defines whether a container element should wrap the included elements. In the case of an IFrame, this totally separates the content. |
| width | 400, 50% | Sets the width of the IFrame, if used. |
| height | 500, 50% | Sets the height of the IFrame, if used. |
| style | 'scrolling: auto; align: right' | Any CSS styles to be applied. |

Example

CNN in a box:

No Format
{html-include-replace:url=http://www.cnn.com|includeStyles=true}
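
An added example (not the plugin's own code) of the three concerns this page describes: resolving relative URLs against the source page rather than the Confluence page, checking the source URL against an administrator allowlist, and dropping scripts unless includeScripts is set. The host name, function names and sample HTML are assumptions constructed for illustration; the regex approach is a sketch and does not cover inline event handlers.

```python
import re
from urllib.parse import urljoin, urlsplit

# Hypothetical administrator allowlist of source hosts (constructed value).
ALLOWED_HOSTS = {"twiki.example.com"}

# Constructed sample input: a source page URL and a fragment of its HTML.
SOURCE = "http://twiki.example.com/wiki/Main/Page.html"
SAMPLE = ('<a href="someplace/a.gif">x</a><img src="../../img/b.gif">'
          '<script src="/js/x.js"></script><a href="javascript:void(0)">y</a>')

# Attributes that carry URLs; 'location' appears in the table on this page.
URL_ATTR = re.compile(r'''\b(href|src|action|location)\s*=\s*(["'])(.*?)\2''',
                      re.I | re.S)
SCRIPT_BLOCK = re.compile(r"<script\b.*?</script\s*>", re.I | re.S)


def is_allowed(source_url):
    """Accept only http(s) URLs whose parsed host is on the allowlist."""
    parts = urlsplit(source_url)
    # .hostname ignores any userinfo ("user@") placed before the real host.
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS


def rewrite_urls(html, source_url):
    """Resolve relative URLs against the source page, not the wiki page."""
    def absolutise(match):
        attr, quote, value = match.groups()
        resolved = urljoin(source_url, value.strip())
        # Neutralise non-http(s) schemes such as javascript: or data:
        if urlsplit(resolved).scheme not in ("http", "https"):
            resolved = "#"
        return f"{attr}={quote}{resolved}{quote}"
    return URL_ATTR.sub(absolutise, html)


def prepare_include(html, source_url, include_scripts=False):
    """Allowlist check, optional script removal, then URL rewriting."""
    if not is_allowed(source_url):
        raise PermissionError(f"source not on allowlist: {source_url}")
    if not include_scripts:
        html = SCRIPT_BLOCK.sub("", html)  # drop <script>...</script> blocks
    return rewrite_urls(html, source_url)


if __name__ == "__main__":
    print(prepare_include(SAMPLE, SOURCE))
```

Because the host is compared after parsing, a URL that merely starts with an allowed name does not pass; a production filter would use an HTML parser rather than regular expressions.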

...

Gallery: Some example websites

Version History

?

  • hope to get Atlassian to merge this into their html-include plugin so this functionality gets the advantage of the target site whitelisting
  • extend to allow users to specify additional tags/functions that need to get processed

0.5

  • Enables GWT applications to be embedded in Confluence via IFrames

0.4

  • Removals execute irrespective of engine selection
  • Scripts and styles referred to in the head section of the source URL page can be dynamically loaded into the page to help fix layout/display problems (but this introduces a whole heap of other possible problems)

0.3

  • Uses regexp to replace most tags, added comprehensive unit testing for correct URL replacement

Known Issues

Legacy Issues

...