A short introduction to manage (add, alter, remove) userscripts with the Userscripts for Confluence App.

The Userscripts for Confluence Add-on requires a basic configuration by the userscripts administrators to serve the appropriate userscripts for the users. This configuration requires two steps:

Manage userscripts in a script repository
Configure userscripts for activation

This short introduction shows you how to setup a script repository and how to configure your first userscript.

Managing a Script Repository

The userscript code is typically stored on remote server or on a collection of Confluence pages as attachments.

Using a Remote Repository

A remote repository is a service connected to the web so that the Confluence server can access the resources via the Hypertext Transfer Protocol (HTTP). All the remote server must be capable of is to serve userscript files referenced by an Uniform Resource Locator (URL) via HTTP. The URL will then be added to the resource and enriched with metadata and an activation record.

The remote repository may be a Git server or any other server that can be connected to Confluence and server files.

Remote Access Configuration

To provide access to a remote server this server probably needs to be on the Confluence Whitelist. If there is authentication involved, the remote repository must be configured with Confluence Application Links.

Once the remote repository is configured to be accessed from the Confluence server, you need to add the JavaScript files to be used as userscripts.

Security Alert!

Since these scripts will be executed in the browser of the Confluence users, you need to protect these code files from being changed by anyone but your userscript team.

In case an attacker manages to change these files, this will wreak havoc since users execute malignant code in a trusted environment!

Using a Confluence Space

If the userscripts administrator team does not want to use a remote repository, the scripts can be served from Confluence pages, too.

Script Repository Space

The PDAPP:Doctypes for App User Manuals provide a space names PDAPP:Script Repository to manage userscripts in Confluence.

Simply add the JavaScript file as an attachment to a page and copy the Uniform Resource Locator (URL) to this attachment. The URL will then be added to the resource and enriched with metadata and an activation record.

Security Alert!

Since these scripts will be executed in the browser of the Confluence users, you need to protect these code files from being changed by anyone but your userscript team.

In case an attacker manages to change these files, this will wreak havoc since users execute malignant code in a trusted environment!

Please note that the access privileges on the Confluence pages having the userscripts attached are not checked by the userscript activation process! This is necessary since scripts may need to be executed by anonymous users without giving everyone access to the script code.

Managing Userscripts in Confluence

The userscripts resource manages metadata and a reference to the userscript code. Therefore it provides operations to add, remove, and alter userscripts.

This shows how to use the REST service via the REST API Browser directly.

An alternative way to administrate userscripts is the use of the Userscript Admin Tool. The tool provides a simple GUI to create, search, edit, and save userscripts.

The userscript consists of

an identifier consisting of namespace, name, and version
a reference to the userscript code (script)
metadata, like a description, a reference to further information (documentation), and an support
an activation record (activation) that defines when the userscript is actually executed

The following fragment shows the basic structure of a userscript in JSON.

Userscript Descriptor in JSON

{
  "namespace": "...",
  "name": "...",
  "version": "...",

  "script": "...",

  "description": "...",
  "documentation": "...",
  "support": "...",

  "activation": {
    "space": ["...", ...],
    "category": ["...", ...],
    "label": ["...", ...],
    "group": ["...", ...],
    "user": ["...", ...]
  }
}

Add Userscript

Suppose you want to add a script named hello-world.js, stored on a remote server and accessible by the URL https://example.com/userscripts/hello-world.js.

Hello World! Userscript

"use strict";

console.log("Hello World!");
alert("Hello World!");

Then the userscript configuration would look something like this:

Userscript Descriptor in JSON

{
  "namespace": "org.example.scripts",
  "name": "hello-world",
  "version": "1.0",

  "script": "https://example.com/userscripts/hello-world.js",

  "description": "Displays an alertbox with the text 'Hello World!'.",
  "documentation": "https://example.com/userscripts/hello-world.html",
  "support": "Scripts Team",

  "activation": {
    "space": ["UES"],
    "group": ["userscripts-evaluation-team"]
  }
}

In this example the hello world script will be executed on each page within the Userscripts Evaluation Space (with space key UES) if the user is member of the Group userscripts-evaluation-team.

To access this resource users require to be a member of the confluence administrators or the userscripts administrators.

Name	Short Description	Path / Method
Create Userscript by JSON	Creates a new userscript.	`/userscripts` POST
Delete Userscript	Deletes a userscript uniquely identified by its namespace, name, and version.	`/userscripts/{namespace}/{name}/{version}` DELETE
Get all Userscripts	Provides access to the list of userscripts that are currently stored in the userscripts repository.	`/userscripts` GET
Get Userscript	Provides access to a unique userscript by its namespace, name, and version.	`/userscripts/{namespace}/{name}/{version}` GET
Update Userscript by JSON	Updates an existing userscript.	`/userscripts` PUT

To create a new userscript post the JSON representation to the server with Create Userscript by JSON.

Any REST client can interact with the REST API of the Userscripts for Confluence app. The REST API Browser may be convenient for administrators that want to use the API once in a while via a user interface from within Confluence.

Screenshot showing the userscript in the user interface of the REST API Browser on Confluence.

After creating the userscript, check if it is accessible.

Screenshot shows the REST API Browser with the Userscript Identifier to check if it is accessible.

If everything is configured successfully, you should get a HTTP response with status code 200 and the listing of the hello world userscript code.

To test which userscripts are actually activated, you could use the Userscripts Context Service. Currently it is only possible to use this service for the currently logged in user. So if there is a space with space key UES and you are member of the Confluence group names userscripts-evaluation-team, then provide the page identifier to the service. The service returns a list of URLs to activated scripts. The hello world userscript should be member of this list.

And whenever member if the group visits the space, there is log message in the browser's console and an alert box popping up.

Update Userscript

To update a userscript simply load the current userscript, alter the properties, and store it back using PUT.

Scripts are cached

Please note that for better performance the scripts are cached. Scripts are identified via HTTP by their namespace, name, and version.

Therefore the version of the userscript requires to be altered whenever the code of the userscript is changed.

If the version is not altered, the browser will execute a cached (old) version of the script.

Resources

Userscript Admin Tool: A graphical tool to create, search, and edit userscripts.

Page tree

Docs

Support

Free Blueprints

Tooling for Blueprints

Free Extensions

Spaces

Plugins for Maven

Incubator

Libraries for Java

Incubator

Add-ons for Confluence

Tools

Support

Team

Legal