[Building Sakai] Samigo: Using <object/> tag in question text
Shoji Kajita
kajita.shoji.5z at kyoto-u.ac.jp
Wed Apr 23 06:24:40 PDT 2014
Hi Sam,
At Mon, 21 Apr 2014 09:19:05 -0400,
Sam Ottenhoff wrote:
> > I think this is related to HTML sanitization but I couldn't find the code
> > in Java and js.
> Correct, the HTML sanitization library is an upstream project called
> AntiSamy. Sakai has two possible policies, high and low. The XML
> configurations for these policies are kept in the kernel code.
Bingo!
I tested the following three cases using the following object tag:
<object data="http://xxx/01.wav" height="26" id="MediaPlayer" type="audio/mp3" width="70"><param name="enabled" value="true" /><param name="src" value="http://xxx/01.wav" /><param name="autostart" value="false" /><param name="uimode" value="full" /></object>
Case 1:
content.cleaner.use.legacy.html=true
content.cleaner.default.low.security=true
I could save the object tag successfully.
Case 2:
content.cleaner.use.legacy.html=false
content.cleaner.default.low.security=true
Again I could save the object tag successfully.
Case 3 (default setting in Sakai 2.9.3):
content.cleaner.use.legacy.html=false
content.cleaner.default.low.security=false
I could not save.
So with that, we have decided to use the values of Case 2 for our
production system this term.
Thank you so much for your swift help!
Best regards,
---
Shoji Kajita, Ph.D.
Professor, Entrepreneur
IT Planning Office, IIMC
Academic Center for Computing and Media Studies
Kyoto University
Twitter: @shojikajita