Comment visibility in notification templates

What has changed?

This post is about outbound notification templates and issue comment visibility.

Recently, changes were made to the $context.issue variable found in notification template contexts, removing from it comments that aren’t visible to the recipient.

This was done to enhance security by preventing accidental comment leakage in custom templates. However, app users have said that this reduces the ability to perform custom logic in templates. We have now reverted this change, meaning that all comments are again present via the $context.issue variable.

Further changes are planned to increase control over comment filtering in custom templates.

Am I affected?

You may be affected if:

  • you are using custom templates to send notifications AND

  • your custom templates make use of $context.issue.fields.comment.comments to show comments

Restricting user comments in custom templates

If you don’t need access to previous comments on the issue, use $context.comments as this only contains new comments that are visible to the current recipient.

If you do need previous comments, use $jemhUtils.filterRestrictedComments($context.issue.fields.comment.comments) to get only comments that are visible to the current recipient.

<h1>Shows comments visible to recipient</h1>
#set($restrictedCommentsFromIssue = $jemhUtils.filterRestrictedComments($context.issue.comment.comments))
<p>Added $restrictedCommentsFromIssue.size() comments to Issue $context.issue.key.asText()</p>
#foreach( $comment in $restrictedCommentsFromIssue )
  <h3>Comment created $comment.created.asText()</h3>
  $jemhUtils.wikiToHtml($comment.body.asText())
#end

If a custom template doesn't use $jemhUtils.filterRestrictedComments when using $context.issue.comment.comments, recipients may see comments that aren’t normally visible to them!

For more information, please see https://thepluginpeople.atlassian.net/wiki/x/J4BvAg.

Showing all comments to recipients (including internal/restricted)

If your intended behaviour is to show all comments, regardless of comment visibility restrictions, use $context.issue.comment.comments.

<h1>Shows all comments to recipient (including those not visible to them)</h1>
#set($commentsFromIssue = $context.issue.comment.comments)
<p>Added $commentsFromIssue.size() comments to Issue $context.issue.key.asText()</p>
#foreach( $comment in $commentsFromIssue )
  <h3>Comment created $comment.created.asText()</h3>
  $jemhUtils.wikiToHtml($comment.body.asText())
#end

If you do not intend to show all comments, please review the "Restricting user comments in custom templates" section above to filter comments.
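
To check existing custom templates against the "Am I affected?" criteria, the following added example (not JEMH code, and not from the original page) scans template text for references to the issue comment list that are not passed directly to $jemhUtils.filterRestrictedComments. The function name and the sample templates are assumptions made for illustration; it assumes the template source has been copied out into a string.

```python
import re

# Both spellings of the issue comment list that appear on this page, plus
# Velocity's formal ${...} and quiet $!... reference forms.
RAW_COMMENTS = re.compile(
    r"\$!?\{?context\.issue\.(?:fields\.)?comment\.comments\b")
# The text immediately before a reference when it is the direct argument
# of the filter call (whitespace and line breaks allowed after the "(").
FILTER_PREFIX = re.compile(r"jemhUtils\.filterRestrictedComments\(\s*$")


def find_unfiltered_comment_refs(template_text):
    """Return [(line_number, reference)] for every issue comment list
    reference that is not passed straight to filterRestrictedComments.

    Conservative on purpose: a reference assigned to a variable first, or
    sitting inside a Velocity comment, is still reported for manual review.
    """
    findings = []
    for match in RAW_COMMENTS.finditer(template_text):
        before = template_text[:match.start()]
        if FILTER_PREFIX.search(before):
            continue  # wrapped by the filter: recipient-visible comments only
        line_number = before.count("\n") + 1
        findings.append((line_number, match.group(0)))
    return findings


# Constructed sample templates, modelled on the two snippets on this page.
FILTERED_TEMPLATE = """\
#set($visible = $jemhUtils.filterRestrictedComments(
    $context.issue.fields.comment.comments))
#foreach( $comment in $visible )
$jemhUtils.wikiToHtml($comment.body.asText())
#end
"""

UNFILTERED_TEMPLATE = """\
<h1>All comments</h1>
#set($commentsFromIssue = $context.issue.comment.comments)
#foreach( $comment in $commentsFromIssue )
$jemhUtils.wikiToHtml($comment.body.asText())
#end
"""

if __name__ == "__main__":
    for line_number, ref in find_unfiltered_comment_refs(UNFILTERED_TEMPLATE):
        print(f"line {line_number}: unfiltered {ref}")
```

A template that intentionally shows all comments will be reported too; each finding is a prompt to confirm that exposing restricted comments to that recipient is the intended behaviour.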