[cle-release-team] Fwd: [sakai2-tcc] Question about AntiSamy decision

Anthony Whyte arwhyte at umich.edu
Wed Apr 24 06:54:53 PDT 2013 

Are you saying that /config default.sakai.properties is no longer read on start up as was formerly the case?

kernel.properties
	overridden by config default.sakai.properties
		overridden by local deployers sakai.properties

Anth




On Apr 24, 2013, at 9:51 AM, Sam Ottenhoff wrote:

> I'm not following.... In default.sakai.properties it's just a comment.  Nothing is activated unless the Sakai deployer chooses to explicitly override in their deployment using their own sakai.properties or local.properties.
> 
> --Sam
> 
> 
> On Wed, Apr 24, 2013 at 9:45 AM, Anthony Whyte <arwhyte at umich.edu> wrote:
> It will override once it's activated.
> 
> Anth
> 
> 
> On Apr 24, 2013, at 9:38 AM, Sam Ottenhoff wrote:
> 
>> default.sakai.properties doesn't override, it documents the defaults.
>> 
>> http://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>> 
>> Line 335: # Default: true in 2.9.x and below (do not use AntiSamy), false in 2.10.x and above (use AntiSamy)
>> 
>> 
>> On Wed, Apr 24, 2013 at 9:08 AM, Anthony Whyte <arwhyte at umich.edu> wrote:
>> I should also note that that KNL-1015, r122516 adds the following property setting to kernel.properties
>> 
>> # KNL-1015: setting default for 2.9.2 release
>> content.cleaner.use.legacy.html=true
>> 
>> Not much value in this tweek of kernel.properties since it's going to get overridden by the settings embedded in default.sakai.properties.
>> 
>> Anth 
>> 
>> 
>> 
>> 
>> Begin forwarded message:
>> 
>>> From: Anthony Whyte <arwhyte at umich.edu>
>>> Date: April 24, 2013 9:01:00 AM EDT
>>> To: Neal Caidin <nealcaidin at sakaifoundation.org>
>>> Cc: "May, Megan Marie" <mmmay at indiana.edu>, "sakai2-tcc at collab.sakaiproject.org Committee" <sakai2-tcc at collab.sakaiproject.org>
>>> Subject: Re: [sakai2-tcc] Question about AntiSamy decision
>>> 
>>> The problem 2.9.x merge is KNL-1015, r122360.   
>>> 
>>> Change
>>> 
>>> #content.cleaner.use.legacy.html=false
>>> . . .
>>> #content.cleaner.default.low.security=true 
>>> 
>>> to
>>> 
>>> content.cleaner.use.legacy.html=true  
>>> . . .
>>> content.cleaner.default.low.security=true  (enabling this property should be unnecessary, as the above property should override it, irrespective of the value chosen)
>>> 
>>> 
>>> Anth
>>> 
>>> 
>>> 
>>> On Apr 24, 2013, at 8:40 AM, Neal Caidin wrote:
>>> 
>>>> Blocker bug to have AntiSamy off by default, or AntiSamy on with Low setting by default?
>>>> 
>>>> Thanks,
>>>> Neal
>>>> 
>>>> On Apr 24, 2013, at 8:15 AM, "May, Megan Marie" <mmmay at indiana.edu> wrote:
>>>> 
>>>>> File a blocker bug.   
>>>>> 
>>>>> Megan
>>>>> 
>>>>> Sent from my iPhone
>>>>> 
>>>>> On Apr 24, 2013, at 8:13 AM, "Neal Caidin" <nealcaidin at sakaifoundation.org> wrote:
>>>>> 
>>>>>> 
>>>>>> Hi TCC,
>>>>>> 
>>>>>> For some reason I had it in my head that the default for AntiSamy in CLE 2.9.2 is on with Low setting.  But when I look at the recorded decision it indicates that AntiSamy will be disabled by default for 2.9.2 . Thirdly, when I look at the properties, it appears to me to be set to default on AntiSamy High. ugh :-p . Please help? 
>>>>>> 
>>>>>> See below for details.
>>>>>> 
>>>>>> Thanks,
>>>>>> Neal
>>>>>> 
>>>>>> 
>>>>>> Proposal
>>>>>> --------------------------
>>>>>> https://confluence.sakaiproject.org/display/TCC/2013+TCC+Voting+Summary
>>>>>> 
>>>>>> "PROPOSAL
>>>>>> Inclusion of Anitsamy as a replacement of formattedtext in 2.9.2.  The change will be disabled OOTB and summaries of low and high AntiSamy policies will be provided in 'plain speak.'
>>>>>> 
>>>>>> Once there is positive production experience, Antisamy will be the default in subsequent releases (ie 2.9.3)."
>>>>>> 
>>>>>> AntiSamy properties in 2.9.x - https://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>>>>> -----------------------------
>>>>>> # Force the use of the legacy html content processor (used in versions before and including 2.9),
>>>>>> # if this is not overridden then the antisamy html cleaner will be used
>>>>>> # Default: true in 2.9.x and below (do not use AntiSamy), false in 2.10.x and above (use AntiSamy)
>>>>>> #content.cleaner.use.legacy.html=false
>>>>>> 
>>>>>> # Force the user of a lower security profile for content processing and scanning,
>>>>>> # if this is not overridden then high security settings are used.
>>>>>> # The standard high and low files are located in "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
>>>>>> # Override the standard files by placing your own files in:
>>>>>> #       ${sakai.home}/antisamy/high-security-policy.xml
>>>>>> #       ${sakai.home}/antisamy/low-security-policy.xml
>>>>>> # NOTE: only works if AntiSamy is enabled (see content.cleaner.use.legacy.html)
>>>>>> # Default: false (use high security - no unsafe embeds or objects)
>>>>>> #content.cleaner.default.low.security=true
>>>>>> 
>>>>>> AntiSamy properties in Trunk - https://source.sakaiproject.org/viewsvn/config/trunk/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>>>>> --------------------------------
>>>>>> # Force the use of the legacy html content processor (used in versions before and including 2.9),
>>>>>> # if this is not overridden then the antisamy html cleaner will be used
>>>>>> # Default: false (use AntiSamy)
>>>>>> #content.cleaner.use.legacy.html=true
>>>>>> 
>>>>>> # Force the user of a lower security profile for content processing and scanning,
>>>>>> # if this is not overridden then high security settings are used.
>>>>>> # The standard high and low files are located in "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
>>>>>> # Override the standard files by placing your own files in:
>>>>>> #       ${sakai.home}/antisamy/high-security-policy.xml
>>>>>> #       ${sakai.home}/antisamy/low-security-policy.xml
>>>>>> # NOTE: only works if AntiSamy is enabled (see content.cleaner.use.legacy.html)
>>>>>> # Default: false (use high security - no unsafe embeds or objects)
>>>>>> #content.cleaner.default.low.security=true
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> sakai2-tcc mailing list
>>>>>> sakai2-tcc at collab.sakaiproject.org
>>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>>>> 
>>>> _______________________________________________
>>>> sakai2-tcc mailing list
>>>> sakai2-tcc at collab.sakaiproject.org
>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>>> 
>> 
>> 
>> _______________________________________________
>> cle-release-team mailing list
>> cle-release-team at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/cle-release-team
>> 
>> 
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/cle-release-team/attachments/20130424/605c0192/attachment-0006.html

More information about the cle-release-team mailing list