HoriZZon View for Confluence

Making sharing of HoriZZon content in Confluence easy and secure

Update: The current version of Horizzon View officially only supports the Server version of Confluence. However, it works perfectly with the Data Center version as well. Compatibility certification with Data Center is currently pending with Atlassian.

Introduction

HoriZZon View for Confluence is an app (plug-in) for Atlassian Confluence to streamline and secure the process of sharing content published in BiZZdesign's HoriZZon portal in Confluence. The primary advantages of the app are:

  • Enabling a fullscreen view of the shared HoriZZon view on Confluence. This introduces streamlined navigation not available when using the HTML-include-macro approach.
  • No need to utilise the HTML-include-macro which can make your Confluence site vulnerable to cross-site scripting attacks (see Security considerations section on the HTML-include-macro page for details).
  • Increased sharing security as the actual url is not visible anywhere in the Confluence UI, hence eliminating unintential sharing of the url to 3rd parties that normally should not have access to the contents.

The HoriZZon View for Confluence app is available through the Atlassian Marketplace.

To get started go through the following content:

Usage: Configuration

In order to use the HoriZZon View app to share HoriZZon content you first need to configure the app. You will need administrator right in order to perform the needed configuration. However, before going to Confluence you will need to figure out your HoriZZon host FQDN. The easiest way to do this is to enable sharing in your HoriZZon instance and click the Share button in published view in a site made shareable in HoriZZon.

In the Share view popup click on the Confluence button in the Embedded view section.

The host FQDN will be visible in the url of the HTML-code (which has been highlighted in the above screenshot). Make a note of the host FQDN as you'll need in the next step.

Log into Confluence with a user that has administrator privileges and navigate to the General configuration. In the left hand side menu you will find a menu item called HoriZZon View Admin which leads to a configuration screen as shown above. Insert the host FQDN you made a note of and press the Save button.

Usage: Inserting a view

To share content published and made shareable in HoriZZon you will use the View key, the View key is a string of characters that identify the view to show. In order to fetch the View key you'll need to first navigate to the view you want to share and click the Share button.

In the Share view popup click on the Confluence button in the Embedded view section.

The view key will be visible in the url of the HTML-code (which has been highlighted in the above screenshot). Make a note of the view key as you'll need in the next step.

In Confluence navigate to the page you wish to insert the shared view into. Press the Edit button to edit the page.

In editing mode move the cursor to the position where you want to add the HoriZZon view and click on Other macros in the Insert more content dropdown.

In the Select macro popup navigate to Visuals and images subsection and choose the HoriZZonview macro.

In the macro configuration view you now need to insert the view key you copied from the Share view on Confluence popup in HoriZZon. You can also configure the size of the view from the size dropdown as well as the aspect ratio from the aspect dropdown. Once your done configuring press the Insert button.

You now have the HoriZZon View macro inserted on the page and can continue editing the page.

Once you save your page the view will be rendered on the page. In order to enable reasonable navigation of the Confluence page any interactions (for instance scrolling or navigating to HoriZZon) with the view are disabled. However, interactions are available in the fullscreen view.

If you hover the mouse cursor over the view a Full screen button will appear on the top middle of the view. Pressing this button will upen up the view in a full screen mode in a new browser window/tab.

Security feature

The app will sanitize any given input parameters to mitigate injection exploits.

In this example malicious html is injected to the view key parameter.

Malicious code or incorrect view keys will be rendered as a This content is not available outside HoriZZon view.

FAQ

  1. Where's the Confluence Cloud version?
    Currently the capabilities for confluence cloud apps are not sufficient to support a full-fledged HoriZZon View app. Atlassian Forge will introduce the needed functionality and once this framework is fully stabilised (it's in Beta at this moment) a Confluence Cloud version of this app will be developed.