[Building Sakai] Samigo: Using <object/> tag in question text
Sam Ottenhoff
ottenhoff at longsight.com
Mon Apr 21 06:19:05 PDT 2014
>
> I think this is related to HTML sanitization but I couldn't find the code
> in Java and js.
>
Correct, the HTML sanitization library is an upstream project called
AntiSamy. Sakai has two possible policies high and low. The XML
configurations for these policies are kept in the kernel code.
You can modify the policy XML file and place it in your
$SAKAI_HOME/sakai/antisamy/ directory.
Here is a related JIRA that will show the modification of the XML files:
https://jira.sakaiproject.org/browse/KNL-1096
# Force the user of a lower security profile for content processing
and scanning,
# if this is not overridden then high security settings are used.
# The standard high and low files are located in
"kernel/sakai-kernel-impl/src/main/resources/antisamy/"
# Override the standard files by placing your own files in:
# ${sakai.home}/antisamy/high-security-policy.xml
# ${sakai.home}/antisamy/low-security-policy.xml
# NOTE: only works if AntiSamy is enabled (see content.cleaner.use.legacy.html)
# DEFAULT: false (use high security - no unsafe embeds or objects)
#content.cleaner.default.low.security=true
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20140421/26007758/attachment.html
More information about the sakai-dev
mailing list