[WG: Sakai QA] [Building Sakai] Testing Embedded Video and iFrames

Matthew Jones matthew at longsight.com
Fri Aug 2 13:37:46 PDT 2013


For me this is the warning on 2.9 rc02. This was copied as the embed link
from vimeo. It looks like "player.vimeo.com" isn't allowed (just vimeo.com),
nor are a few of it's attributes.

You might be able to just put the regular link in there but it wouldn't be
embedded.

The iframe tag contained an attribute that we could not process. The src
attribute had a value of "http://player.vimeo.com/video/70161501?badge=0".
This value could not be accepted for security reasons. We have chosen to
remove this attribute from the tag and leave everything else in place so
that we could process the input. The iframe tag contained an attribute that
we could not process. The webkitallowfullscreen attribute has been filtered
out, but the tag is still in place. The value of the attribute was "". The
iframe tag contained an attribute that we could not process. The
mozallowfullscreen attribute has been filtered out, but the tag is still in
place. The value of the attribute was "".


On Fri, Aug 2, 2013 at 4:21 PM, Neal Caidin <neal.caidin at apereo.org> wrote:

> Hi All,
>
> It would be good to test the AntiSamy ability to have trusted video
> sources and iframe sites .  We don't have a QA script for this. Anybody
> interested in helping? :-)
>
> We can look at the high-security-policy.xml to determine trusted sites,
> test a handful, make sure they work, then pick some untrusted sites, and
> make sure that they fail. Volunteers would be warmly welcomed.  I don't
> think the techie skill requirements are too high.  Will be happy to work
> with you.
>
> Btw, anybody able to get Vimeo.com videos working in the CK Editor?  I
> can not get that to work, even with AntiSamy off. I can save the URL
> (because it is one of the trusted sites listed in our default config and,
> in the other case, no AntiSamy) but when I open the Announcement back up,
> it shows the error ""The operation couldn't be completed. The file is not a
> movie file (-2048)" .  Any clues?
>
> Cheers,
>
>
>   Neal Caidin
>
> Sakai CLE Community Coordinator
> neal.caidin at apereo.org
> Skype: nealkdin
> Twitter: ncaidin
>
>
>
>
>
>
>
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-qa/attachments/20130802/6864959a/attachment.html 


More information about the sakai-qa mailing list