Database Plugin - HTML is encoded

Issue #27 resolved
Former user created an issue

I use the Database Plugin to get data from different data sources, e.g. our ticket system (OTRS v6). Within the query I also create HTML links like this:

<a href="https://127.0.0.1/somewhere">Linkname</a>

The problem is that the Add-On has no setting to exclude HTML elements from being encoded, so in the end the link is not working.

Other Add-Ons like "SQL for Confluence" offer a setting to handle generated HTML in the query.

Here is the Atlassian documentation that is related to this issue of mine: https://developer.atlassian.com/server/confluence/enabling-xss-protection-in-plugins/

Here is the SQL query I use:

--
-- List of customers in OTRS with the number of open tickets and 
-- OTRS-URL to customer overview.
--
SELECT customer.customer_id
      ,customer.name
      ,customer.street
      ,customer.zip
      ,customer.city
      ,customer.country
      ,customer.url
      ,customer.comments
      ,COALESCE(customer_tickets_open.open_tickets, 0) AS open_tickets
      ,CASE WHEN customer_tickets_open.open_tickets > 0
            THEN CONCAT('<a href="https://127.0.0.1/otrs/index.pl?Action=AgentTicketSearch;Subaction=Search;CustomerIDRaw=', TRIM(customer.customer_id), ';StateType=Open"', ' target="_blank">Open OTRS</a>')
            ELSE ''
       END AS otrs_url
FROM public.customer_company AS customer
LEFT JOIN (
     SELECT customer_id
           ,COUNT(1) AS open_tickets
     FROM public.ticket
     INNER JOIN public.ticket_state
           ON ticket.ticket_state_id=ticket_state.id
     WHERE ticket_state.valid_id=1 and ticket_state.name='open'
     GROUP BY customer_id
) AS customer_tickets_open
ON customer.customer_id = customer_tickets_open.customer_id
WHERE customer.valid_id=1
ORDER BY customer.name
        ,customer.zip
;
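
A sketch of an alternative to switching encoding off, added here as an example and not code from the Database Plugin, SQL for Confluence or the original post: the query returns the plain URL in `otrs_url`, every cell stays HTML-encoded, and the renderer itself builds the anchor for columns marked as links. The function names, `ALLOWED_HOSTS` and the sample rows are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumption: hosts that links in query results are allowed to point at.
ALLOWED_HOSTS = {"127.0.0.1"}

def render_cell(value):
    """Default behaviour: every value is HTML-encoded, so markup shows as text."""
    return html.escape("" if value is None else str(value), quote=True)

def render_link_cell(url, label):
    """Build the anchor in the renderer from a plain URL column.

    Only https URLs on an allow-listed host become links; anything else
    falls back to encoded text, so no markup from the data source is
    ever emitted unencoded.
    """
    if not url:
        return ""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return render_cell(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        return render_cell(url)
    return '<a href="{}" target="_blank" rel="noopener noreferrer">{}</a>'.format(
        html.escape(url, quote=True), html.escape(label, quote=True))

def render_row(row, link_columns):
    """row: dict column -> value; link_columns: dict column -> link label."""
    cells = [
        render_link_cell(value, link_columns[col]) if col in link_columns
        else render_cell(value)
        for col, value in row.items()
    ]
    return "<tr>" + "".join("<td>{}</td>".format(c) for c in cells) + "</tr>"

# Constructed sample rows (not real OTRS data).
SAMPLE_ROWS = [
    {"name": "ACME <b>Ltd</b>", "open_tickets": 3,
     "otrs_url": "https://127.0.0.1/otrs/index.pl?Action=AgentTicketSearch;"
                 "Subaction=Search;CustomerIDRaw=acme;StateType=Open"},
    {"name": "Other GmbH", "open_tickets": 1, "otrs_url": "javascript:void(0)"},
]

if __name__ == "__main__":
    for sample in SAMPLE_ROWS:
        print(render_row(sample, {"otrs_url": "Open OTRS"}))
```
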
