[Deploying Sakai] Sakai CLE 2.9.2; incompatible change in Lessons permissions

Charles Hedrick hedrick at rutgers.edu
Sat Jun 1 11:31:19 PDT 2013

Note on lessons:

With the move to antisamy, there is a potentially incompatible change in Lessons behavior.

In previous versions, Lessons allowed instructors to add text to lessons using the HTML editor. This text could include Javascript and other potentially dangerous content. (Content on student pages used the HTML filter to remove this.) 

As of 2.9.2, Lessons is following the rest of Sakai, in using Antisamy (or depending upon settings its older equivalent) to remove dangerous content.

If you want to continue the old behavior add the following to sakai.properties:


True and false work both in the old and new version. The 2.9.2. version adds options to explicitly specify antisamy levels: high, low, and default, where default is whatever the site's normal antisamy setting is.

The new default is true, which is the same as low. It should allow embedding of multimedia content. However we've found some sites where embedding is done with Javasriipt. If your using use any of those sites, the default will cause trouble.

Note that filtering is applied when editing content, so if you turn on antisamy it will not affect existing content. However the next time someone edits an existing block of HTML, the filter will be applied.

It is also possible to set a filterHtml property in a particular instance of Lessons using the administrative site editor. That will override the setting in sakai.properties.


Note that several changes were held back because it was too near the release of 2.9.2. The most important is common cartridge export. I'll be checking that into 1.4.x right after the conference.

On Jun 1, 2013, at 12:10 PM, Neal Caidin <nealcaidin at sakaifoundation.org> wrote:

> Dear All,
> I am pleased to announce, on behalf of the community, the release of Sakai CLE 2.9.2 .
> Highlights include (but are not limited to):
> Over 160 Jira issues resolved!
> Addition of AntiSamy security infrastructure (off by default until proved in production environments).
> Support for Math symbols in the Rich text editor (aka CK Editor)
> Institutional gradebook export function
> Export of quizzes using IMS QTI browser is fixed for Chrome browsers (still works in other browsers)
> Fix of serious WebDav bug, when moving or renaming files or folders.
> Fixed Roster tool. Threw error in many sites after upgrade from 2.8 to 2.9.
> Please see the release notes for more details - https://confluence.sakaiproject.org/display/DOC/Sakai+CLE+2.9+release+notes
> Thanks to all in the worldwide community for your contribution to the development, testing, and documenting of the release.
> Best regards,
> Neal Caidin
> Sakai CLE Community Coordinator
> nealcaidin at sakaifoundation.org
> Skype: nealkdin
> AIM: ncaidin at aol.com
> _______________________________________________
> production mailing list
> production at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/production
> TO UNSUBSCRIBE: send email to production-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20130601/83d39f0f/attachment.html 

More information about the production mailing list