Iframe url7/12/2023 ![]() You can use a double * * character to search for any content. You can use a single * character to search for any content up to the next path operator.Įxample: You can add the * to a URL such as this one */inbox if you wanted to say that the inboxes of all users were safe, regardless of the user. This will allow you to approve all pages within a website or a set of specific pages within a website. When adding URLs to the approved list, you can use wildcard operators. This impacts the feature in two ways:Īll Iframe URLs added to the approved list will be permitted in any Iframes across Confluence and are not bound to a specific Iframe on one page. The Iframe Macro Configuration feature supports URL pattern matching, making the process of managing Iframe states more efficient. Iframes in this state will not be rendered and a message stating This URL is disallowed will be displayed with more information. Only authenticated Confluence admins are able to place Iframes in this state. Iframes in this state will be fully permitted this is only advised for trusted URLs. Further information about the sandbox attribute can be found in this HTML sandbox Attribute page. This state limits website functionality, such as removing the ability to submit forms and execute scripts and disabling API calls, ensuring a safer browsing experience. ![]() Iframes in this state have the sandbox attribute associated to them. Confluence admins then have the option to either permit URLs or change the default state for all Iframes URLs that are not in the approved list to block the Iframe from being rendered. ![]() Iframe Statesīeginning in release 6.3 of Content Formatting for Confluence, all Iframe macros, by default, are sandboxed to mitigate risk. It is possible to remove Iframe URLs from the Approved URL List at any point by selecting the individual URL or by selecting all URLs in the list that should be removed and clicking Remove URLs. If you want to include pages with longer URLs, please use pattern matching as described below in the URL Patterns section. URLs are limited to a maximum length of 2,000 characters. Once the default settings have been set, admins have the ability to add individual Iframe URLs to the Approved URL List or to import all Iframe URLs to the list in bulk. Please see the Iframe States section below for more information on these two states. The Iframe Macro Configuration allows admins to specify the default display settings that all Iframe macros will appear in if they are not part of the Approved URL List.Īdmins have the option of either having an Iframe sandboxed or denied by default. Select Iframe Macro under Content Formatting Macros in the left sidebar. To navigate to the Iframe Macro Configuration menu:Ĭlick the Confluence Administration icon then select Manage Apps. Navigate to the Iframe Macro Configuration We recommend that you monitor and take action on Iframe URLs that do not match your security policies using this feature. To minimise risk, all Iframe URLs will default to have the sandbox attribute from version 6.3.1 of Content Formatting for Confluence. The Iframe macro could be used by a malicious user to inject a persistent cross-site scripting attack from a third party site into a page, comment, or blog post. Note that while Adaptavist is committed to producing safe applications, security should be considered when using this macro.
0 Comments
Leave a Reply. |