[Building Sakai] Fwd: New Content Management Portlet now available!
John A. Lewis
jlewis at unicon.net
Wed Jun 23 17:49:11 PDT 2010
Yep, it uses AntiSamy, which is also being used in a number of the other
Jasig portlets (calendar, news reader, email) -- Jen is a big fan. She
wrote a little JSP taglet to do string cleaning in JSP pages that she
intends to donate back to OWASP. Instructions for adjusting the
AntiSamy configuration for the portlet are available at
https://wiki.jasig.org/display/PLT/Simple+Content+Management+Portlet+Configuration
Once the user clicks "preview," the portlet submits the configured
content to an AJAX service that sends back the AntiSamy-cleaned content.
It of course also re-clean the content when the user hits save, but the
hope is that that AJAX call will allow it to offer users a more
realistic preview. If the security rules don't allow IFrames, and the
user tries to add one in the source view, they will immediately find out
that some of the content was stripped before leaving the editor. Right
now those security rules are set globally for the portlet, but Jen has
been thinking about having a way to specify different security rules for
different user groups or perhaps as a selection in the editor itself
(similar to Drupal).
On 06/22/2010 08:00 PM, Nate Angell wrote:
> Very cool. How does the portlet manage security policies? Anything
> like AntiSamy?
> http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
>
> - Nate
>
> On Tue, Jun 22, 2010 at 6:22 PM, John A. Lewis <jlewis at unicon.net
> <mailto:jlewis at unicon.net>> wrote:
>
> FYI: There is a simple new content management portlet available in
> the Jasig community for use with uPortal. See the announcement
> below for more info. Jen Bourey's done some really nice work with
> this, including use of Fluid and the CK Editor. I thought this
> might be of interest in the Sakai community if looking for a
> simple way to get some editable static content into Sakai pages.
>
> One issue that would likely surface is that the portlet uses the
> "CONFIG" portlet mode for editing the static content, which is an
> optional recommended mode in the portlet spec, but not all portlet
> containers support it. Does Sakai's portlet support include
> "CONFIG" mode?
>
>
>> -------- Original Message --------
>> Subject: New Content Management Portlet now available!
>> Date: Fri, 18 Jun 2010 10:35:11 GMT
>> From: <Charise Arrowood>
>>
>>
>> Special Thanks to Ryerson University-
>>
>> On behalf of Ryerson University via Unicon's Accelerated
>> Development option Jen Bourey has created a Simple Content
>> Management Portlet. This portlet includes Administrative WYSIWIG
>> Editing, leveraging uPortal's 3.2 configuration mode to produce
>> rich configuration capabilities within the new SCM Portlet.
>> Additionally, Jen has made use of Fluid and the CK Editor 3 to
>> allow for additional flexibility and editing. For additional
>> details please see the SCM Space:
>> https://issues.jasig.org/browse/CMSPLT.
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20100623/2453f93f/attachment.html
More information about the sakai-dev
mailing list