[cle-release-team] Fwd: [sakai2-tcc] Question about AntiSamy decision

Matthew Jones matthew at longsight.com
Wed Apr 24 07:15:37 PDT 2013


Right, as part of Aaron's cleanup, the property files in config were intended
to have the defaults reflected but commented out. The code was expected to
have the correct defaults for everything except for the kernel properties.

Though it looks like in the code defaultlUseLegacyCleaner is set to false.
(In kernel-impl/src/main/java/org/sakaiproject/util/impl/FormattedTextImpl.java)

This certainly makes it confusing for merging things back if you expect
trunk to be set to one thing and a branch at another, eh? Either the code
has to be different in both places or a property needs to be different...
Which is best?


On Wed, Apr 24, 2013 at 10:00 AM, Sam Ottenhoff <ottenhoff at longsight.com> wrote:

> It's read at startup exactly as you describe.... but everything related to
> use of the legacy cleaner is commented out, so it does nothing.
>
>
> On Wed, Apr 24, 2013 at 9:54 AM, Anthony Whyte <arwhyte at umich.edu> wrote:
>
>> Are you saying that /config default.sakai.properties is no longer read on
>> start up as was formerly the case?
>>
>> kernel.properties
>> overridden by config default.sakai.properties
>> overridden by local deployers sakai.properties
>>
>> Anth
>>
>>
>>
>>
>> On Apr 24, 2013, at 9:51 AM, Sam Ottenhoff wrote:
>>
>> I'm not following.... In default.sakai.properties it's just a comment.
>>  Nothing is activated unless the Sakai deployer chooses to explicitly
>> override in their deployment using their own sakai.properties or
>> local.properties.
>>
>> --Sam
>>
>>
>> On Wed, Apr 24, 2013 at 9:45 AM, Anthony Whyte <arwhyte at umich.edu> wrote:
>>
>>> It will override once it's activated.
>>>
>>> Anth
>>>
>>>
>>> On Apr 24, 2013, at 9:38 AM, Sam Ottenhoff wrote:
>>>
>>> default.sakai.properties doesn't override, it documents the defaults.
>>>
>>>
>>> http://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>>
>>> Line 335: # Default: true in 2.9.x and below (do not use AntiSamy),
>>> false in 2.10.x and above (use AntiSamy)
>>>
>>>
>>> On Wed, Apr 24, 2013 at 9:08 AM, Anthony Whyte <arwhyte at umich.edu> wrote:
>>>
>>>> I should also note that KNL-1015, r122516 adds the following
>>>> property setting to kernel.properties
>>>>
>>>> # KNL-1015: setting default for 2.9.2 release
>>>> content.cleaner.use.legacy.html=true
>>>>
>>>> Not much value in this tweak of kernel.properties since it's going to
>>>> get overridden by the settings embedded in default.sakai.properties.
>>>>
>>>> Anth
>>>>
>>>>
>>>>
>>>>
>>>> Begin forwarded message:
>>>>
>>>> *From: *Anthony Whyte <arwhyte at umich.edu>
>>>> *Date: *April 24, 2013 9:01:00 AM EDT
>>>> *To: *Neal Caidin <nealcaidin at sakaifoundation.org>
>>>> *Cc: *"May, Megan Marie" <mmmay at indiana.edu>, "
>>>> sakai2-tcc at collab.sakaiproject.org Committee" <
>>>> sakai2-tcc at collab.sakaiproject.org>
>>>> *Subject: **Re: [sakai2-tcc] Question about AntiSamy decision*
>>>>
>>>> The problem 2.9.x merge is KNL-1015, r122360.
>>>>
>>>> Change
>>>>
>>>> #content.cleaner.use.legacy.html=false
>>>> . . .
>>>> #content.cleaner.default.low.security=true
>>>>
>>>> to
>>>>
>>>> content.cleaner.use.legacy.html=true
>>>> . . .
>>>> content.cleaner.default.low.security=true  (enabling this property
>>>> should be unnecessary, as the above property should override it,
>>>> irrespective of the value chosen)
>>>>
>>>>
>>>> Anth
>>>>
>>>>
>>>>
>>>> On Apr 24, 2013, at 8:40 AM, Neal Caidin wrote:
>>>>
>>>> Blocker bug to have AntiSamy off by default, or AntiSamy on with Low
>>>> setting by default?
>>>>
>>>> Thanks,
>>>> Neal
>>>>
>>>> On Apr 24, 2013, at 8:15 AM, "May, Megan Marie" <mmmay at indiana.edu>
>>>> wrote:
>>>>
>>>> File a blocker bug.
>>>>
>>>>
>>>> Megan
>>>>
>>>>
>>>> Sent from my iPhone
>>>>
>>>>
>>>> On Apr 24, 2013, at 8:13 AM, "Neal Caidin" <
>>>> nealcaidin at sakaifoundation.org> wrote:
>>>>
>>>>
>>>>
>>>> Hi TCC,
>>>>
>>>>
>>>> For some reason I had it in my head that the default for AntiSamy in
>>>> CLE 2.9.2 is on with Low setting.  But when I look at the recorded decision
>>>> it indicates that AntiSamy will be disabled by default for 2.9.2. Thirdly,
>>>> when I look at the properties, it appears to me to be set to default on
>>>> AntiSamy High. ugh :-p . Please help?
>>>>
>>>>
>>>> See below for details.
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Neal
>>>>
>>>>
>>>>
>>>> Proposal
>>>>
>>>> --------------------------
>>>>
>>>> https://confluence.sakaiproject.org/display/TCC/2013+TCC+Voting+Summary
>>>>
>>>>
>>>> "PROPOSAL
>>>>
>>>>  Inclusion of AntiSamy as a replacement of formattedtext in 2.9.2.  The
>>>> change will be disabled OOTB and summaries of low and high AntiSamy
>>>> policies will be provided in 'plain speak.'
>>>>
>>>>
>>>> Once there is positive production experience, Antisamy will be the
>>>> default in subsequent releases (ie 2.9.3)."
>>>>
>>>>
>>>> AntiSamy properties in 2.9.x -
>>>> https://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>>>
>>>> -----------------------------
>>>>
>>>> # Force the use of the legacy html content processor (used in versions
>>>> before and including 2.9),
>>>>
>>>> # if this is not overridden then the antisamy html cleaner will be used
>>>>
>>>> # Default: true in 2.9.x and below (do not use AntiSamy), false in
>>>> 2.10.x and above (use AntiSamy)
>>>>
>>>> #content.cleaner.use.legacy.html=false
>>>>
>>>>
>>>> # Force the user of a lower security profile for content processing and
>>>> scanning,
>>>>
>>>> # if this is not overridden then high security settings are used.
>>>>
>>>> # The standard high and low files are located in
>>>> "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
>>>>
>>>> # Override the standard files by placing your own files in:
>>>>
>>>> #       ${sakai.home}/antisamy/high-security-policy.xml
>>>>
>>>> #       ${sakai.home}/antisamy/low-security-policy.xml
>>>>
>>>> # NOTE: only works if AntiSamy is enabled (see
>>>> content.cleaner.use.legacy.html)
>>>>
>>>> # Default: false (use high security - no unsafe embeds or objects)
>>>>
>>>> #content.cleaner.default.low.security=true
>>>>
>>>>
>>>> AntiSamy properties in Trunk -
>>>> https://source.sakaiproject.org/viewsvn/config/trunk/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>>>
>>>> --------------------------------
>>>>
>>>> # Force the use of the legacy html content processor (used in versions
>>>> before and including 2.9),
>>>>
>>>> # if this is not overridden then the antisamy html cleaner will be used
>>>>
>>>> # Default: false (use AntiSamy)
>>>>
>>>> #content.cleaner.use.legacy.html=true
>>>>
>>>>
>>>> # Force the user of a lower security profile for content processing and
>>>> scanning,
>>>>
>>>> # if this is not overridden then high security settings are used.
>>>>
>>>> # The standard high and low files are located in
>>>> "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
>>>>
>>>> # Override the standard files by placing your own files in:
>>>>
>>>> #       ${sakai.home}/antisamy/high-security-policy.xml
>>>>
>>>> #       ${sakai.home}/antisamy/low-security-policy.xml
>>>>
>>>> # NOTE: only works if AntiSamy is enabled (see
>>>> content.cleaner.use.legacy.html)
>>>>
>>>> # Default: false (use high security - no unsafe embeds or objects)
>>>>
>>>> #content.cleaner.default.low.security=true
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>>
>>>> sakai2-tcc mailing list
>>>>
>>>> sakai2-tcc at collab.sakaiproject.org
>>>>
>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>>>>
>>>>
>>>> _______________________________________________
>>>> cle-release-team mailing list
>>>> cle-release-team at collab.sakaiproject.org
>>>> http://collab.sakaiproject.org/mailman/listinfo/cle-release-team
>>>>
>>>>
>>>
>>>
>>
>>
>
>
>
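As an added example (not part of the original thread and not Sakai code), the Python sketch below resolves which HTML cleaner is effectively active from the property layers in the order listed in the thread, falling back to the code defaults reported there. The file contents are constructed samples and the function names are hypothetical.

```python
# Added illustration, not Sakai code. Layer order and code defaults are the
# ones stated in the thread; the file contents are constructed samples.
LEGACY = "content.cleaner.use.legacy.html"
LOW = "content.cleaner.default.low.security"
CODE_DEFAULTS = {LEGACY: "false", LOW: "false"}  # used when no file sets the key

def parse_properties(text):
    """Return active key=value pairs; '#' and '!' comment lines set nothing.
    Simplified: ignores ':' separators and line continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def resolve(key, layers):
    """layers: [(name, text)], lowest precedence first. Returns (value, source)."""
    value, source = CODE_DEFAULTS[key], "code default"
    for name, text in layers:
        props = parse_properties(text)
        if key in props:
            value, source = props[key], name
    return value, source

def effective_cleaner(layers):
    """Name the cleaner a deployment would actually run."""
    if resolve(LEGACY, layers)[0].lower() == "true":
        return "legacy"  # low-security flag is ignored without AntiSamy
    low = resolve(LOW, layers)[0].lower() == "true"
    return "antisamy-low" if low else "antisamy-high"

# Constructed samples modelled on the lines quoted in the thread.
KERNEL_29X = "# KNL-1015: setting default for 2.9.2 release\n" + LEGACY + "=true\n"
DEFAULT_COMMENTED = "#" + LEGACY + "=false\n#" + LOW + "=true\n"
LOCAL_OPT_IN = LEGACY + "=false\n" + LOW + "=true\n"

BRANCH_29X = [("kernel.properties", KERNEL_29X),
              ("default.sakai.properties", DEFAULT_COMMENTED)]
TRUNK = [("default.sakai.properties", DEFAULT_COMMENTED)]
DEPLOYER = BRANCH_29X + [("sakai.properties", LOCAL_OPT_IN)]

if __name__ == "__main__":
    for label, layers in (("2.9.x", BRANCH_29X), ("trunk", TRUNK), ("opt-in", DEPLOYER)):
        print(label, effective_cleaner(layers), resolve(LEGACY, layers))
```

Reporting the source layer alongside the value makes it visible when a branch's behaviour comes from kernel.properties rather than from the commented documentation file or the code default.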