The RSS and HTML-include macros are used to include content dynamically from other websites onto a Confluence page. The included content may possibly be malicious or harmful to your Confluence instance.
Confluence administrators can set up a list of trusted URLs, thus limiting the locations from which the RSS macro and the HTML-include macro can draw their content.
The form below allows you to define specific URLs and/or URL patterns which are trusted, or to allow inclusion from all URLs without restriction.
To configure the URL whitelist,
 - Select 'Configure Whitelist' in the left-hand panel.
- The 'Configure Whitelist' screen will appear, as shown in the screenshot below.
- Select one of the radio buttons as follows:
- Allow all domains — There will be no restrictions to the content which can be included onto your Confluence pages.
- Restrict to listed domains — Confluence will allow content from trusted URLs only. When you select this option, a textbox will open allowing you to enter specific URLs and/or URL patterns. Enter one or more URLs, each on its own line. You can enter the full URL, or use the pattern matching rules described below.
- Click 'Save'.
|
Screenshot: Configuring a URL whitelist
URL Pattern-Matching Rules
Enter one URL or URL pattern per line. You can enter a full URL or use pattern-matching as described below:
- If the rule starts with an equals sign (=), only the exact URL following the '=' will be allowed.
- If the rule starts with a slash (/) then the whole rule will be treated as a regular expression.
- Otherwise, any asterisk (*) will be treated as a wildcard to match one or more characters.
What Happens to a Page Containing a Disallowed URL?
Notes
Some things to be aware of:
- By default, the RSS and HTML-include macros are disabled in Confluence. A System Administrator can enable them on the 'Plugins' screen of the Confluence Administration Console.
- A user who has the 'Confluence Administrator' permission, but not necessarily the 'System Administrator' permission, can configure the URL whitelist (for the HTML-include and RSS macros).
RELATED TOPICS
Enabling HTML macros
RSS Feed Macro
HTML Include Macro
