What is changing?
We are deprecating the AP.Host.getSelectedText
API in Jira and Confluence, due to security and privacy concerns.
Why is it changing?
This API grants access to text the user has selected anywhere on the page, without any confirmation or intervention by the user. It is not clear when an app is installed that this behaviour is possible. This presents a security and privacy risk to the user.
What do I need to do?
If your app does use this API, there’s nothing you need to do to keep your app running without errors.
The deprecation will be handled in a backwards compatible manner, the API will simply return the empty string ""
under all circumstances.
If your app relies on this functionality, please first consider whether there is another way to get the information you need, such as asking the user to copy/paste the selected text. This restores the user’s control over which data they want to share.
Another option is migrating to our new app platform, Forge. Forge has implemented this same API in a much more privacy-preserving manner, by requiring the user to select the text they wish to share and then explicitly choosing an application to process that selected text.
See this guide for an example: Use selected text in a Confluence Forge app
If migrating to Forge is not an option, other app developers have created a browser extension to workaround this limitation, as this API already doesn’t exist in Server editions of our products.
By when do I need to do it?
We will be releasing this change to our developer beta groups this week, by Friday 14th Jan 2022. We will then be targeting a public rollout of this change by July 10, 2022, providing a deprecation period of 6 months.