[Building Sakai] Fwd: New Content Management Portlet now available!
Nate Angell
nangell at rsmart.com
Thu Jun 24 07:00:12 PDT 2010
Very interesting John, thanks for the details. We were looking at antisamy
as a possible security augmentation to Sakai 2.
- Nate
On Jun 23, 2010, at 6:49 PM, "John A. Lewis" <jlewis at unicon.net> wrote:
Yep, it uses AntiSamy, which is also being used in a number of the other
Jasig portlets (calendar, news reader, email) -- Jen is a big fan. She wrote
a little JSP taglet to do string cleaning in JSP pages that she intends to
donate back to OWASP. Instructions for adjusting the AntiSamy configuration
for the portlet are available at
https://wiki.jasig.org/display/PLT/Simple+Content+Management+Portlet+Configuration
Once the user clicks "preview," the portlet submits the configured content
to an AJAX service that sends back the AntiSamy-cleaned content. It of
course also re-clean the content when the user hits save, but the hope is
that that AJAX call will allow it to offer users a more realistic preview.
If the security rules don't allow IFrames, and the user tries to add one in
the source view, they will immediately find out that some of the content was
stripped before leaving the editor. Right now those security rules are set
globally for the portlet, but Jen has been thinking about having a way to
specify different security rules for different user groups or perhaps as a
selection in the editor itself (similar to Drupal).
On 06/22/2010 08:00 PM, Nate Angell wrote:
Very cool. How does the portlet manage security policies? Anything like
AntiSamy?
http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
- Nate
On Tue, Jun 22, 2010 at 6:22 PM, John A. Lewis <jlewis at unicon.net> wrote:
> FYI: There is a simple new content management portlet available in the
> Jasig community for use with uPortal. See the announcement below for more
> info. Jen Bourey's done some really nice work with this, including use of
> Fluid and the CK Editor. I thought this might be of interest in the Sakai
> community if looking for a simple way to get some editable static content
> into Sakai pages.
>
> One issue that would likely surface is that the portlet uses the "CONFIG"
> portlet mode for editing the static content, which is an optional
> recommended mode in the portlet spec, but not all portlet containers support
> it. Does Sakai's portlet support include "CONFIG" mode?
>
>
> -------- Original Message -------- Subject: New Content Management
> Portlet now available! Date: Fri, 18 Jun 2010 10:35:11 GMT From: <Charise
> Arrowood>
>
> Special Thanks to Ryerson University-
>
> On behalf of Ryerson University via Unicon's Accelerated Development option
> Jen Bourey has created a Simple Content Management Portlet. This portlet
> includes Administrative WYSIWIG Editing, leveraging uPortal's 3.2
> configuration mode to produce rich configuration capabilities within the new
> SCM Portlet. Additionally, Jen has made use of Fluid and the CK Editor 3 to
> allow for additional flexibility and editing. For additional details please
> see the SCM Space: https://issues.jasig.org/browse/CMSPLT.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20100624/83c883e8/attachment.html
More information about the sakai-dev
mailing list