[cle-release-team] Fwd: [sakai2-tcc] Question about AntiSamy decision

Aaron Zeckoski azeckoski at unicon.net
Wed Apr 24 08:11:49 PDT 2013 

In trunk, that property should not exist in kernel.properties at all.
It should only exist in default props and it should be commented out.

-AZ


On Wed, Apr 24, 2013 at 10:15 AM, Matthew Jones <matthew at longsight.com> wrote:
> Right, as part of Aaron cleanup, the property files in config were intended
> to have the defaults reflected but commented out. The code was expected to
> have the correct defaults for everything except for the kernel properties.
>
> Though it looks like in the code defaultlUseLegacyCleaner is set to false.
> (In
> kernel-impl/src/main/java/org/sakaiproject/util/impl/FormattedTextImpl.java)
>
> This certainly makes it confusing for merging things back if you expect
> trunk to be set to one thing and a branch at another, eh? Either the code
> has to be different in both places or a property needs to be different . . .
> Which is best?
>
>
> On Wed, Apr 24, 2013 at 10:00 AM, Sam Ottenhoff <ottenhoff at longsight.com>
> wrote:
>>
>> It's read at startup exactly as you describe.... but everything related to
>> use of the legacy cleaner is commented out, so it does nothing.
>>
>>
>> On Wed, Apr 24, 2013 at 9:54 AM, Anthony Whyte <arwhyte at umich.edu> wrote:
>>>
>>> Are you saying that /config default.sakai.properties is no longer read on
>>> start up as was formerly the case?
>>>
>>> kernel.properties
>>> overridden by config default.sakai.properties
>>> overridden by local deployers sakai.properties
>>>
>>> Anth
>>>
>>>
>>>
>>>
>>> On Apr 24, 2013, at 9:51 AM, Sam Ottenhoff wrote:
>>>
>>> I'm not following.... In default.sakai.properties it's just a comment.
>>> Nothing is activated unless the Sakai deployer chooses to explicitly
>>> override in their deployment using their own sakai.properties or
>>> local.properties.
>>>
>>> --Sam
>>>
>>>
>>> On Wed, Apr 24, 2013 at 9:45 AM, Anthony Whyte <arwhyte at umich.edu> wrote:
>>>>
>>>> It will override once it's activated.
>>>>
>>>> Anth
>>>>
>>>>
>>>> On Apr 24, 2013, at 9:38 AM, Sam Ottenhoff wrote:
>>>>
>>>> default.sakai.properties doesn't override, it documents the defaults.
>>>>
>>>>
>>>> http://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>>>
>>>> Line 335: # Default: true in 2.9.x and below (do not use AntiSamy),
>>>> false in 2.10.x and above (use AntiSamy)
>>>>
>>>>
>>>> On Wed, Apr 24, 2013 at 9:08 AM, Anthony Whyte <arwhyte at umich.edu>
>>>> wrote:
>>>>>
>>>>> I should also note that that KNL-1015, r122516 adds the following
>>>>> property setting to kernel.properties
>>>>>
>>>>> # KNL-1015: setting default for 2.9.2 release
>>>>> content.cleaner.use.legacy.html=true
>>>>>
>>>>> Not much value in this tweek of kernel.properties since it's going to
>>>>> get overridden by the settings embedded in default.sakai.properties.
>>>>>
>>>>> Anth
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>> From: Anthony Whyte <arwhyte at umich.edu>
>>>>> Date: April 24, 2013 9:01:00 AM EDT
>>>>> To: Neal Caidin <nealcaidin at sakaifoundation.org>
>>>>> Cc: "May, Megan Marie" <mmmay at indiana.edu>,
>>>>> "sakai2-tcc at collab.sakaiproject.org Committee"
>>>>> <sakai2-tcc at collab.sakaiproject.org>
>>>>> Subject: Re: [sakai2-tcc] Question about AntiSamy decision
>>>>>
>>>>> The problem 2.9.x merge is KNL-1015, r122360.
>>>>>
>>>>> Change
>>>>>
>>>>> #content.cleaner.use.legacy.html=false
>>>>> . . .
>>>>> #content.cleaner.default.low.security=true
>>>>>
>>>>> to
>>>>>
>>>>> content.cleaner.use.legacy.html=true
>>>>> . . .
>>>>> content.cleaner.default.low.security=true  (enabling this property
>>>>> should be unnecessary, as the above property should override it,
>>>>> irrespective of the value chosen)
>>>>>
>>>>>
>>>>> Anth
>>>>>
>>>>>
>>>>>
>>>>> On Apr 24, 2013, at 8:40 AM, Neal Caidin wrote:
>>>>>
>>>>> Blocker bug to have AntiSamy off by default, or AntiSamy on with Low
>>>>> setting by default?
>>>>>
>>>>> Thanks,
>>>>> Neal
>>>>>
>>>>> On Apr 24, 2013, at 8:15 AM, "May, Megan Marie" <mmmay at indiana.edu>
>>>>> wrote:
>>>>>
>>>>> File a blocker bug.
>>>>>
>>>>>
>>>>> Megan
>>>>>
>>>>>
>>>>> Sent from my iPhone
>>>>>
>>>>>
>>>>> On Apr 24, 2013, at 8:13 AM, "Neal Caidin"
>>>>> <nealcaidin at sakaifoundation.org> wrote:
>>>>>
>>>>>
>>>>>
>>>>> Hi TCC,
>>>>>
>>>>>
>>>>> For some reason I had it in my head that the default for AntiSamy in
>>>>> CLE 2.9.2 is on with Low setting.  But when I look at the recorded decision
>>>>> it indicates that AntiSamy will be disabled by default for 2.9.2 . Thirdly,
>>>>> when I look at the properties, it appears to me to be set to default on
>>>>> AntiSamy High. ugh :-p . Please help?
>>>>>
>>>>>
>>>>> See below for details.
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Neal
>>>>>
>>>>>
>>>>>
>>>>> Proposal
>>>>>
>>>>> --------------------------
>>>>>
>>>>> https://confluence.sakaiproject.org/display/TCC/2013+TCC+Voting+Summary
>>>>>
>>>>>
>>>>> "PROPOSAL
>>>>>
>>>>> Inclusion of Anitsamy as a replacement of formattedtext in 2.9.2.  The
>>>>> change will be disabled OOTB and summaries of low and high AntiSamy policies
>>>>> will be provided in 'plain speak.'
>>>>>
>>>>>
>>>>> Once there is positive production experience, Antisamy will be the
>>>>> default in subsequent releases (ie 2.9.3)."
>>>>>
>>>>>
>>>>> AntiSamy properties in 2.9.x -
>>>>> https://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>>>>
>>>>> -----------------------------
>>>>>
>>>>> # Force the use of the legacy html content processor (used in versions
>>>>> before and including 2.9),
>>>>>
>>>>> # if this is not overridden then the antisamy html cleaner will be used
>>>>>
>>>>> # Default: true in 2.9.x and below (do not use AntiSamy), false in
>>>>> 2.10.x and above (use AntiSamy)
>>>>>
>>>>> #content.cleaner.use.legacy.html=false
>>>>>
>>>>>
>>>>> # Force the user of a lower security profile for content processing and
>>>>> scanning,
>>>>>
>>>>> # if this is not overridden then high security settings are used.
>>>>>
>>>>> # The standard high and low files are located in
>>>>> "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
>>>>>
>>>>> # Override the standard files by placing your own files in:
>>>>>
>>>>> #       ${sakai.home}/antisamy/high-security-policy.xml
>>>>>
>>>>> #       ${sakai.home}/antisamy/low-security-policy.xml
>>>>>
>>>>> # NOTE: only works if AntiSamy is enabled (see
>>>>> content.cleaner.use.legacy.html)
>>>>>
>>>>> # Default: false (use high security - no unsafe embeds or objects)
>>>>>
>>>>> #content.cleaner.default.low.security=true
>>>>>
>>>>>
>>>>> AntiSamy properties in Trunk -
>>>>> https://source.sakaiproject.org/viewsvn/config/trunk/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>>>>
>>>>> --------------------------------
>>>>>
>>>>> # Force the use of the legacy html content processor (used in versions
>>>>> before and including 2.9),
>>>>>
>>>>> # if this is not overridden then the antisamy html cleaner will be used
>>>>>
>>>>> # Default: false (use AntiSamy)
>>>>>
>>>>> #content.cleaner.use.legacy.html=true
>>>>>
>>>>>
>>>>> # Force the user of a lower security profile for content processing and
>>>>> scanning,
>>>>>
>>>>> # if this is not overridden then high security settings are used.
>>>>>
>>>>> # The standard high and low files are located in
>>>>> "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
>>>>>
>>>>> # Override the standard files by placing your own files in:
>>>>>
>>>>> #       ${sakai.home}/antisamy/high-security-policy.xml
>>>>>
>>>>> #       ${sakai.home}/antisamy/low-security-policy.xml
>>>>>
>>>>> # NOTE: only works if AntiSamy is enabled (see
>>>>> content.cleaner.use.legacy.html)
>>>>>
>>>>> # Default: false (use high security - no unsafe embeds or objects)
>>>>>
>>>>> #content.cleaner.default.low.security=true
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>>
>>>>> sakai2-tcc mailing list
>>>>>
>>>>> sakai2-tcc at collab.sakaiproject.org
>>>>>
>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> sakai2-tcc mailing list
>>>>> sakai2-tcc at collab.sakaiproject.org
>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> cle-release-team mailing list
>>>>> cle-release-team at collab.sakaiproject.org
>>>>> http://collab.sakaiproject.org/mailman/listinfo/cle-release-team
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> cle-release-team mailing list
>> cle-release-team at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/cle-release-team
>>
>
>
> _______________________________________________
> cle-release-team mailing list
> cle-release-team at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/cle-release-team
>



-- 
Aaron Zeckoski - Software Architect - http://tinyurl.com/azprofile

More information about the cle-release-team mailing list