- changed status to open
Database Plugin - HTML is encoded
Issue #27
resolved
I use the Database Plugin to get data from different datasources like e.g. our ticket system (OTRS v6). Within the query I also create HTML links like this:
<a href="https://127.0.0.1/somewhere">Linkname</a>
The problem is, that the Add-On has no setting to exclude HTML elements from being encoded so in the end the link is not working.
Other Add-Ons like "SQL for Confluence" offer a setting to handle generated HTML in the query.
Here is the Atlassian documentation that is related to this issue of mine: https://developer.atlassian.com/server/confluence/enabling-xss-protection-in-plugins/
Here is the SQL-Query I use....
--
-- List of customers in OTRS with the number of open tickets and
-- OTRS-URL to customer overview.
--
SELECT customer.customer_id
,customer.name
,customer.street
,customer.zip
,customer.city
,customer.country
,customer.url
,customer.comments
,COALESCE(customer_tickets_open.open_tickets, 0) AS open_tickets
,CASE WHEN customer_tickets_open.open_tickets > 0
THEN CONCAT('<a href="https://127.0.0.1/otrs/index.pl?Action=AgentTicketSearch;Subaction=Search;CustomerIDRaw=', TRIM(customer.customer_id), ';StateType=Open"', ' target="_blank">Open OTRS</a>')
ELSE ''
END AS otrs_url
FROM public.customer_company AS customer
LEFT JOIN (
SELECT customer_id
,COUNT(1) AS open_tickets
FROM public.ticket
INNER JOIN public.ticket_state
ON ticket.ticket_state_id=ticket_state.id
WHERE ticket_state.valid_id=1 and ticket_state.name='open'
GROUP BY customer_id
) AS customer_tickets_open
ON customer.customer_id = customer_tickets_open.customer_id
WHERE customer.valid_id=1
ORDER BY customer.name
,customer.zip
;
Comments (4)
-
-
Ping on this…
-
-
assigned issue to
-
assigned issue to
-
- changed status to resolved
implemented in 1.5.1
- Log in to comment