Hello,
this may very well be a stupid question that could be searched with a specific google-search, but I myself cannot find anything that clearly explains the difference between the Include and the Display Macro, or rather, in a way that is understandable to me.
Based on my shallow understanding, when using the include-macro, you are vulnerable to (or be aware of) code-injection attacks right? Is that still the case with the display-macro?
From Include macro documentation:
Include other pages into the current page. By default this macro acts as if the included content was copied in the including page (e.g. if you include a page with relative links to images, they won’t be found since they won’t exist in the including page). If, instead you wish to include the result of what you get when you view the included page, use the display macro instead.
Regarding the security issues like code-injection attacks, XWiki team is doing the best effort to prevent them, so you should be protected in both cases.
Maybe someone else could confirm.
Hope it helps!
This post was flagged by the community and is temporarily hidden.