This page tells you how to restrict some Confluence macros so that they can get information from authorised sources (URLs) only.

Whitelisting URLs for the RSS and HTML Include macros

The RSS and HTML Include macros are used to include content dynamically from other websites onto a Confluence page. The included content may possibly be malicious or harmful to your Confluence instance.

Confluence administrators can set up a list of trusted URLs, thus limiting the locations from which the RSS macro and the HTML Include macro can draw their content.

The form below allows you to define specific URLs and/or URL patterns which are trusted, or to allow inclusion from all URLs without restriction.

To configure the URL whitelist:

1. 
2. Select Configure Whitelist in the left-hand panel. The 'Configure Whitelist' screen will appear, as shown in the screenshot below.
3. Select one of the options as follows:
   • Allow all domains — There will be no restrictions to the content which can be included onto your Confluence pages.
   • Restrict to listed domains — Confluence will allow content from trusted URLs only. When you select this option, a textbox will open allowing you to enter specific URLs and/or URL patterns. Enter one or more URLs, each on its own line. You can enter the full URL, or use the pattern matching rules described below.
4. Click Save.