Raw Macro

Last modified by Admin on 2024/05/20 00:19

Directly output content in a target syntax

Type: JAR
Category: Macro
Developed by: XWiki Development Team
Active Installs: 0
Rating: 0 Votes
License: GNU Lesser General Public License 2.1
Compatibility: Since 13.1RC1

Installable with the Extension Manager

Description

When content is parsed, an XDOM tree is created. Sometimes there is no way to express the content you want in that XDOM tree, and you simply want the content to be output as is when the XDOM is rendered in a given syntax. The raw macro serves this need.

Usage

From Wiki Syntax

{{raw syntax="<syntax id>"}}
content written in <syntax id>
{{/raw}}

Parameters definition

Name | Optional | Allowed values | Default value | Description
syntax | no | valid syntax id | N/A | The id of the syntax in which the content is written (e.g. latex/1.0, xhtml/1.0)

Example

{{raw syntax="xhtml/1.0"}}
<form>
 <label for="fname">First name:</label><br>
 <input type="text" id="fname" name="fname"><br>
 <label for="lname">Last name:</label><br>
 <input type="text" id="lname" name="lname">
</form>
{{/raw}}

Security

Raw output can have important security consequences, such as XSS in the context of HTML output; see also CVE-2023-29205. For this reason, since XWiki 14.8 the raw macro calls all components implementing RawBlockFilter to clean its content. By default, if the author of the content that contains the macro doesn't have script right, or the macro is executed in a restricted context (like comments or old revisions), the included HTML filter cleans all HTML syntax variants with a sanitizer filter enabled. The sanitizer follows the rules configured in the XML module. In the default configuration, it uses a list of allowed HTML tags and attributes that prevents dangerous content like scripts or iframes.

If you also use other syntaxes like LaTeX for export, make sure you're aware of the consequences of installing the raw macro, as raw syntax can be dangerous. For example, the LaTeX exporter by default enables external command execution in LaTeX, which could lead to remote code execution vulnerabilities depending on the configuration of the server.
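To review where raw macros are used in existing wiki content, the following added example (not part of XWiki or this extension) scans page source for raw macros, checks HTML bodies against an allowlist, and flags non-HTML syntaxes such as latex/1.0 for manual review. The allowlist, the function and class names, and the rule that any syntax id containing "html" is an HTML variant are assumptions made for illustration; they are not XWiki's default configuration.

```python
import re
from html.parser import HTMLParser

# Matches the documented form: {{raw syntax="<syntax id>"}} ... {{/raw}}
RAW_MACRO = re.compile(r'\{\{raw\s+syntax="([^"]+)"\s*\}\}(.*?)\{\{/raw\}\}', re.S)

# Constructed allowlist for illustration; NOT XWiki's default configuration.
ALLOWED_TAGS = {"form", "label", "input", "br", "p", "a", "span", "div"}
ALLOWED_ATTRS = {"for", "type", "id", "name", "href", "class"}

class AllowlistChecker(HTMLParser):
    """Records tags and attributes that fall outside the allowlist."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"tag <{tag}>")
        for name, _ in attrs:
            if name not in ALLOWED_ATTRS:
                self.findings.append(f"attribute {name} on <{tag}>")

def audit_raw_macros(wiki_source):
    """Return one (syntax id, findings) tuple per raw macro found."""
    report = []
    for syntax_id, body in RAW_MACRO.findall(wiki_source):
        if "html" in syntax_id.split("/")[0].lower():  # assumption: HTML variants
            checker = AllowlistChecker()
            checker.feed(body)
            checker.close()
            report.append((syntax_id, checker.findings))
        else:
            # Outside the HTML filter's scope (e.g. latex/1.0): needs manual review.
            report.append((syntax_id, ["non-HTML syntax: review manually"]))
    return report

# Constructed sample page source (the first macro is based on this page's example).
SAMPLE = r'''
{{raw syntax="xhtml/1.0"}}<form><label for="fname">First name:</label><br><input type="text" id="fname" name="fname"></form>{{/raw}}
{{raw syntax="xhtml/1.0"}}<iframe src="https://example.invalid/"></iframe><p onclick="x()">hi</p>{{/raw}}
{{raw syntax="latex/1.0"}}\textbf{hello}{{/raw}}
'''

if __name__ == "__main__":
    for syntax_id, findings in audit_raw_macros(SAMPLE):
        print(syntax_id, findings or "ok")
```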

Prerequisites & Installation Instructions

We recommend using the Extension Manager to install this extension (Make sure that the text "Installable with the Extension Manager" is displayed at the top right location on this page to know if this extension can be installed with the Extension Manager).

You can also use the manual method which involves dropping the JAR file and all its dependencies into the WEB-INF/lib folder and restarting XWiki.

Dependencies

Dependencies for this extension (org.xwiki.rendering:xwiki-rendering-macro-raw 16.3.1):
