[Building Sakai] Equation images removed from answers in Samigo

Tue Oct 22 03:28:53 PDT 2013

FYI this issue is related with AntiSamy filter. It is deleting images 
with Latex code in src attribute and Samigo silently saves the empty image.

I have filled a JIRA: https://jira.sakaiproject.org/browse/KNL-1136

If this can't be fixed for security reasons, I would like to configure 
our AntiSamy filter to allow a white list of trusted URLs for <img src> 
tag. Is this possible?

Thanks.
Best regards.

El 21/10/2013 14:52, Daniel Merino escribió:
> Hi, Brian. Thanks for the clue but I have looked there and these classes
> are not related to our issue AFAIK.
>
> There is some place between the form where questions are edited in
> Samigo and the class ItemAddListener.java where HTML is parsed and img
> tags are completely removed if their URL has some character that Samigo
> doesn't like.
>
> Still looking for it without success. I wonder if it could be some
> javascript.
>
> Any help will be highly appreciated as our teachers are losing their
> work when they edit it.
>
> Best regards.
>
> El 18/10/2013 16:00, Brian Jones escribió:
>> This jira may be relevant:
>>
>> https://jira.sakaiproject.org/browse/SAM-2131
>>
>> Brian Jones
>> Applications Development
>> Information Technology Services
>> Support Services Building, Room 4326
>> Western University
>> (519) 661-2111 x86969
>> bjones86 at uwo.ca
>>
>>
>> -----Original Message-----
>> From: sakai-dev-bounces at collab.sakaiproject.org
>> [mailto:sakai-dev-bounces at collab.sakaiproject.org] On Behalf Of Daniel
>> Merino
>> Sent: Friday, October 18, 2013 8:54 AM
>> To: sakai-dev
>> Subject: [Building Sakai] Equation images removed from answers in Samigo
>>
>> Hi everybody.
>>
>> After going to 2.9.2, we are currently receiving quite complaints of
>> teachers who have lost answers in Samigo questions after editing them.
>>
>> These answers are embedded images with equations. I have tested that is
>> happening in our 2.9.2 server and that in a trunk qa server
>> (http://sakai-trunk.atica.um.es/portal/) I can also replicate the issue.
>>
>> For example, when creating or editing a multiple choice question in a pool,
>> if user adds as answer the next HTML code:
>>
>> <img
>> src="http://latex.codecogs.com/gif.latex?\frac{\mathrm{d}&space;35x}{\mathrm
>> {d}&space;x*2}"
>> title="\frac{\mathrm{d} 35x}{\mathrm{d} x*2}" />
>>
>> and then saves the question, answer is deleted and no error is thrown in
>> screen neither in Sakai's log.
>>
>> Other images are saved correctly, so I think this is some issue with Latex
>> code in img tag. AFAIK this didn't happen in Sakai 2.7.
>>
>> I have tried to track the issue, but I haven't found nothing. Please, could
>> somebody tell me where answers texts are validated in Samigo?
>>
>> Thanks in advance.
>> Best regards.
>> --
>> Daniel Merino Echeverría
>> daniel.merino at unavarra.es
>> Gestor de teleformación - Centro Superior de Innovación Educativa.
>> Tfno: 948-168489 - Universidad Pública de Navarra.
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org
>> with a subject of "unsubscribe"
>>
>>

-- 
Daniel Merino Echeverría
daniel.merino at unavarra.es
Gestor de teleformación - Centro Superior de Innovación Educativa.
Tfno: 948-168489 - Universidad Pública de Navarra.
--
Los políticos son como los libros. Los que están más alto son los más 
inútiles. (Anónimo)