[WG: Sakai QA] Question - AntiSamy testing

Neal Caidin neal.caidin at apereo.org
Fri Aug 9 07:35:06 PDT 2013 

Hey all,

I'm still struggling with this. I want to establish baseline behavior for testing LSNBLDR-276. 

I need a video source which is NOT included in the list of Flash sites to allow in the High security file. Any ideas? 

One thought I had was to remove Youtube from my Local list of allowed flash sites by updating my copy of high-security-policy.xml . But Sakai did not pick up my change on a restart. Perhaps I have it in the wrong place?

Documentation says :
# Override the standard files by placing your own files in:
#       ${sakai.home}/antisamy/high-security-policy.xml
#       ${sakai.home}/antisamy/low-security-policy.xml

So here is what I did:

1) in the root of my Sakai directory , I added an "antisamy" sub-directory
2) I made a copy of all the security policies and put them in the antisamy sub-directory
3) Updated the high-security-policy.xml by removing youtube from "flashSites"
4) confirmed that AntiSamy default is on high (no override in my local settings)
5) run Sakai locally (pack-demo, in case that makes a difference)

Unfortunately, Sakai let me add a Youtube video to CK Editor in Announcements. I expected it would strip out the offending code and give me a warning like " The object tag contained an attribute that we could not process…", etc.

Am I doing something wrong? 

-- Neal


Neal Caidin
Sakai CLE Community Coordinator
neal.caidin at apereo.org
Skype: nealkdin
Twitter: ncaidin









On Aug 8, 2013, at 8:19 PM, Neal Caidin <neal.caidin at apereo.org> wrote:

> [ qa and dev ] 
> 
> Hello,
> 
> I am testing https://jira.sakaiproject.org/browse/LSNBLDR-276
> 
> With AntiSamy on Low setting, so it will play external videos without checking a "trusted sites" list, I see the following behavior. The video plays in the Lessons tool, but adding media in the CK Editor in Announcements I get "The operation couldn't be completed. The file is not a movie file (see enclosed screenshot).  
> 
> I'm trying a couple of sites (other than Youtube):
> http://dai.ly/x12skq3
> http://current.com/shows/joy-behar/videos/isabella-rossellini-on-her-ex-husband-martin-scorsese-hes-the-funniest-man-on-earth/
> 
> Is it because these are not direct video embeds but instead web sites with videos? That's what it looks like through Lessons. 
> 
> Ideas?
> 
> What would be good sites to test various settings of AntiSamy?
> 
> Thanks,
> Neal
> 
> 
> <PastedGraphic-1.tiff>
> 
> 
> 
> Neal Caidin
> Sakai CLE Community Coordinator
> neal.caidin at apereo.org
> Skype: nealkdin
> Twitter: ncaidin
> 
> 
> 
> 
> 
> 
> 
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-qa/attachments/20130809/eae43769/attachment.html

More information about the sakai-qa mailing list