[cle-release-team] Fwd: [sakai2-tcc] Question about AntiSamy decision

Aaron Zeckoski azeckoski at unicon.net
Wed Apr 24 07:23:22 PDT 2013 

Default props should have those options commented out.
Kernel should only have the legacy set to true.
I only have my phone but hope this helps.
 On Apr 24, 2013 8:08 AM, "Anthony Whyte" <arwhyte at umich.edu> wrote:

> I should also note that that KNL-1015, r122516 adds the following property
> setting to kernel.properties
>
> # KNL-1015: setting default for 2.9.2 release
> content.cleaner.use.legacy.html=true
>
> Not much value in this tweek of kernel.properties since it's going to get
> overridden by the settings embedded in default.sakai.properties.
>
> Anth
>
>
>
>
> Begin forwarded message:
>
> *From: *Anthony Whyte <arwhyte at umich.edu>
> *Date: *April 24, 2013 9:01:00 AM EDT
> *To: *Neal Caidin <nealcaidin at sakaifoundation.org>
> *Cc: *"May, Megan Marie" <mmmay at indiana.edu>, "
> sakai2-tcc at collab.sakaiproject.org Committee" <
> sakai2-tcc at collab.sakaiproject.org>
> *Subject: **Re: [sakai2-tcc] Question about AntiSamy decision*
>
> The problem 2.9.x merge is KNL-1015, r122360.
>
> Change
>
> #content.cleaner.use.legacy.html=false
> . . .
> #content.cleaner.default.low.security=true
>
> to
>
> content.cleaner.use.legacy.html=true
> . . .
> content.cleaner.default.low.security=true  (enabling this property should
> be unnecessary, as the above property should override it, irrespective of
> the value chosen)
>
>
> Anth
>
>
>
> On Apr 24, 2013, at 8:40 AM, Neal Caidin wrote:
>
> Blocker bug to have AntiSamy off by default, or AntiSamy on with Low
> setting by default?
>
> Thanks,
> Neal
>
> On Apr 24, 2013, at 8:15 AM, "May, Megan Marie" <mmmay at indiana.edu> wrote:
>
> File a blocker bug.
>
>
> Megan
>
>
> Sent from my iPhone
>
>
> On Apr 24, 2013, at 8:13 AM, "Neal Caidin" <nealcaidin at sakaifoundation.org>
> wrote:
>
>
>
> Hi TCC,
>
>
> For some reason I had it in my head that the default for AntiSamy in CLE
> 2.9.2 is on with Low setting.  But when I look at the recorded decision it
> indicates that AntiSamy will be disabled by default for 2.9.2 . Thirdly,
> when I look at the properties, it appears to me to be set to default on
> AntiSamy High. ugh :-p . Please help?
>
>
> See below for details.
>
>
> Thanks,
>
> Neal
>
>
>
> Proposal
>
> --------------------------
>
> https://confluence.sakaiproject.org/display/TCC/2013+TCC+Voting+Summary
>
>
> "PROPOSAL
>
> Inclusion of Anitsamy as a replacement of formattedtext in 2.9.2.  The
> change will be disabled OOTB and summaries of low and high AntiSamy
> policies will be provided in 'plain speak.'
>
>
> Once there is positive production experience, Antisamy will be the default
> in subsequent releases (ie 2.9.3)."
>
>
> AntiSamy properties in 2.9.x -
> https://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>
> -----------------------------
>
> # Force the use of the legacy html content processor (used in versions
> before and including 2.9),
>
> # if this is not overridden then the antisamy html cleaner will be used
>
> # Default: true in 2.9.x and below (do not use AntiSamy), false in 2.10.x
> and above (use AntiSamy)
>
> #content.cleaner.use.legacy.html=false
>
>
> # Force the user of a lower security profile for content processing and
> scanning,
>
> # if this is not overridden then high security settings are used.
>
> # The standard high and low files are located in
> "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
>
> # Override the standard files by placing your own files in:
>
> #       ${sakai.home}/antisamy/high-security-policy.xml
>
> #       ${sakai.home}/antisamy/low-security-policy.xml
>
> # NOTE: only works if AntiSamy is enabled (see
> content.cleaner.use.legacy.html)
>
> # Default: false (use high security - no unsafe embeds or objects)
>
> #content.cleaner.default.low.security=true
>
>
> AntiSamy properties in Trunk -
> https://source.sakaiproject.org/viewsvn/config/trunk/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>
> --------------------------------
>
> # Force the use of the legacy html content processor (used in versions
> before and including 2.9),
>
> # if this is not overridden then the antisamy html cleaner will be used
>
> # Default: false (use AntiSamy)
>
> #content.cleaner.use.legacy.html=true
>
>
> # Force the user of a lower security profile for content processing and
> scanning,
>
> # if this is not overridden then high security settings are used.
>
> # The standard high and low files are located in
> "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
>
> # Override the standard files by placing your own files in:
>
> #       ${sakai.home}/antisamy/high-security-policy.xml
>
> #       ${sakai.home}/antisamy/low-security-policy.xml
>
> # NOTE: only works if AntiSamy is enabled (see
> content.cleaner.use.legacy.html)
>
> # Default: false (use high security - no unsafe embeds or objects)
>
> #content.cleaner.default.low.security=true
>
>
>
> _______________________________________________
>
> sakai2-tcc mailing list
>
> sakai2-tcc at collab.sakaiproject.org
>
> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>
>
> _______________________________________________
> sakai2-tcc mailing list
> sakai2-tcc at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>
>
>
>
> _______________________________________________
> cle-release-team mailing list
> cle-release-team at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/cle-release-team
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/cle-release-team/attachments/20130424/54fe10ab/attachment-0006.html

More information about the cle-release-team mailing list