Raw Macro
Directly output content in a target syntax
Type | JAR |
Category | Macro |
Active Installs | 0 |
License | GNU Lesser General Public License 2.1 |
Compatibility | Since 13.1RC1 |
Description
When content is parsed, an XDOM tree is created. Sometimes the XDOM tree offers no way to express the content you want, and you simply want your content to be output as is when the XDOM is rendered in a given syntax. The raw macro serves this need.
Usage
From Wiki Syntax
{{raw syntax="<syntax id>"}}
content written in <syntax id>
{{/raw}}
Parameters definition
Name | Optional | Allowed values | Default value | Description |
---|---|---|---|---|
syntax | no | valid syntax id | N/A | The id of the syntax in which the content is written (e.g. latex/1.0, xhtml/1.0) |
Example
{{raw syntax="html/5.0"}}
<form>
<label for="fname">First name:</label><br>
<input type="text" id="fname" name="fname"><br>
<label for="lname">Last name:</label><br>
<input type="text" id="lname" name="lname">
</form>
{{/raw}}
Security
Raw output can have important security consequences like XSS in the context of HTML output, see also CVE-2023-29205. For this reason, since XWiki 14.8 the raw macro calls all components implementing RawBlockFilter to clean its content. By default, if the author of the content that contains the macro doesn't have script right, or the macro is executed in a restricted context (like comments or old revisions), the included HTML filter cleans all HTML syntax variants with a sanitizer filter enabled. The sanitizer follows the rules configured in the XML module. In the default configuration, it uses a list of allowed HTML tags and attributes that prevents dangerous content like scripts or iframes.
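The decision described above, sketched as an added Python example (a simplified model, not XWiki's Java RawBlockFilter implementation): content passes through unchanged only when the author has script right and the context is not restricted, otherwise it goes through an allow-list sanitizer. The tag and attribute lists, the function names and the sample input are assumptions for illustration, not XWiki's defaults.

```python
from html import escape
from html.parser import HTMLParser

# Illustrative allow-list (assumption); XWiki's defaults are set in its XML module.
ALLOWED_TAGS = {"form", "label", "input", "br", "a"}
ALLOWED_ATTRS = {"for", "type", "id", "name", "href"}
VOID_TAGS = {"br", "input"}
DROPPED_WITH_BODY = {"script", "style", "iframe"}
SAFE_URL_PREFIXES = ("http://", "https://", "/", "#")

class AllowListSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0  # skip_depth > 0 inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROPPED_WITH_BODY:
            self.skip_depth += 1
        elif not self.skip_depth and tag in ALLOWED_TAGS:
            kept = ""
            for name, value in attrs:
                value = value or ""
                bad_url = name == "href" and not value.strip().lower().startswith(SAFE_URL_PREFIXES)
                if name in ALLOWED_ATTRS and not bad_url:  # drops onclick=, javascript: URLs
                    kept += f' {name}="{escape(value)}"'
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROPPED_WITH_BODY:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))

def render_raw(content, author_has_script_right, restricted_context):
    # Output as is only for a script-right author outside a restricted context.
    if author_has_script_right and not restricted_context:
        return content
    parser = AllowListSanitizer()
    parser.feed(content)
    parser.close()
    return "".join(parser.out)

# Constructed sample: the page's form fields plus markup a sanitizer must remove.
SAMPLE = ('<form><label for="fname" onclick="alert(1)">First name:</label><br>'
          '<input type="text" id="fname" name="fname"><script>alert(1)</script>'
          '<a href="javascript:alert(1)">x</a><iframe src="https://example.invalid/"></iframe></form>')
```

An unclosed dropped element leaves `skip_depth` above zero, so everything after it is discarded rather than emitted.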
If you also use other syntaxes like LaTeX for export, make sure you're aware of the consequences of installing the raw macro, as raw syntax can be dangerous. For example, the LaTeX exporter by default enables external command execution in LaTeX, which could lead to remote code execution vulnerabilities depending on the configuration of the server.
Prerequisites & Installation Instructions
We recommend using the Extension Manager to install this extension (make sure that the text "Installable with the Extension Manager" is displayed at the top right of this page to know whether this extension can be installed with the Extension Manager).
You can also use the manual method, which involves dropping the JAR file and all its dependencies into the WEB-INF/lib folder and restarting XWiki.
Dependencies
Dependencies for this extension (org.xwiki.rendering:xwiki-rendering-macro-raw 16.9.0):