Can you elaborate on the statement of how the Secure HTML Macro makes running HTML code safe?

What this means is that the macro wraps the code in an iframe served from a domain we control, which triggers CORS protections, and applies the sandbox attribute to that iframe.

When browsers interpret this, they apply a number of client-side protections to ensure that security risks like XSS are mitigated.
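The two properties described above (a separate domain and the sandbox attribute) can be checked for any iframe with a short audit function. This is an added example, not Iframes for Confluence code; the origins, finding names and sample frames are constructed for illustration.

```javascript
// Added example: all names and sample values below are constructed.

// Split a sandbox attribute value into lowercase tokens.
// null/undefined means the attribute is absent (no sandboxing at all);
// an empty string means it is present with every restriction switched on.
function parseSandbox(value) {
  if (value === null || value === undefined) return null;
  return new Set(value.toLowerCase().split(/\s+/).filter(Boolean));
}

// Return the list of findings for one iframe embedded in a page at parentOrigin.
function auditFrame(parentOrigin, frame) {
  const findings = [];
  const parent = new URL(parentOrigin).origin;
  // Relative src values resolve against the embedding page.
  const sameOrigin = new URL(frame.src, parentOrigin).origin === parent;
  const tokens = parseSandbox(frame.sandbox);

  if (sameOrigin) findings.push("src-shares-parent-origin");
  if (tokens === null) {
    findings.push("no-sandbox-attribute");
    return findings;
  }
  // Same-origin content that may run scripts and keep its origin can reach
  // the embedding document and remove its own sandbox attribute.
  if (sameOrigin && tokens.has("allow-scripts") && tokens.has("allow-same-origin")) {
    findings.push("sandbox-removable-by-content");
  }
  if (tokens.has("allow-top-navigation")) findings.push("can-navigate-top-window");
  return findings;
}

// Constructed samples: a wiki at one origin, frames served from different places.
const WIKI = "https://wiki.example.test";
const samples = [
  { name: "separate domain, scripts only", src: "https://frames.example.net/render", sandbox: "allow-scripts" },
  { name: "same origin, scripts + same-origin", src: "/render", sandbox: "allow-scripts allow-same-origin" },
  { name: "separate domain, no sandbox", src: "https://frames.example.net/render", sandbox: null },
];

for (const s of samples) {
  const result = auditFrame(WIKI, s);
  console.log(s.name + ": " + (result.length ? result.join(", ") : "isolated"));
}
```

An empty findings list means the frame is on a different origin from the page and carries a sandbox attribute without the tokens checked here.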

What sort of information does Iframes for Confluence capture from our instance when running a Server/Data Center instance of Confluence? If it does capture any information, are there any options to disable this?

We don’t send any data back to our systems from Iframes for Confluence.

It looks like the “Whitelisting Feature” in Iframes for Confluence does not work for the JavaScript part of the macro. Could you kindly advise how we can limit, from the app/macro, which URLs can be used in JavaScript?

The whitelisting feature only controls which URLs can be iframed into Confluence. We can’t restrict where JS will reach out to, since this depends entirely on the behavior of the end user’s browser, which we don’t control.

For more information: How Whitelisting and Blacklisting work