[WG: Sakai QA] [Building Sakai] Question - AntiSamy testing
Sam Ottenhoff
ottenhoff at longsight.com
Fri Aug 9 07:36:46 PDT 2013
Check the notes from yesterday's meeting:
http://etherpad.ctools.org/rmmt-2013-08-08
AntiSamy low and high should accept this code:
<p>
<iframe allowfullscreen="" frameborder="0" height="315" src="
https://www.youtube.com/embed/0PKgnOn5w5U" width="560"></iframe></p>
AntiSamy low (not high) should accept this code:
<p>
<iframe src="
http://embed.ted.com/talks/jinsop_lee_design_for_all_5_senses.html"
width="560" height="315" frameborder="0" scrolling="no"
webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe>
</p>
On Fri, Aug 9, 2013 at 10:35 AM, Neal Caidin <neal.caidin at apereo.org> wrote:
> Hey all,
>
> I'm still struggling with this. I want to establish baseline behavior for
> testing LSNBLDR-276.
>
> I need a video source which is NOT included in the list of Flash sites to
> allow in the High security file. Any ideas?
>
> One thought I had was to remove Youtube from my Local list of allowed
> flash sites by updating my copy of high-security-policy.xml . But Sakai did
> not pick up my change on a restart. Perhaps I have it in the wrong place?
>
> Documentation says :
> # Override the standard files by placing your own files in:
> # ${sakai.home}/antisamy/high-security-policy.xml
> # ${sakai.home}/antisamy/low-security-policy.xml
>
> So here is what I did:
>
> 1) in the root of my Sakai directory , I added an "antisamy" sub-directory
> 2) I made a copy of all the security policies and put them in the antisamy
> sub-directory
> 3) Updated the high-security-policy.xml by removing youtube from
> "flashSites"
> 4) confirmed that AntiSamy default is on high (no override in my local
> settings)
> 5) run Sakai locally (pack-demo, in case that makes a difference)
>
> Unfortunately, Sakai let me add a Youtube video to CK Editor in
> Announcements. I expected it would strip out the offending code and give me
> a warning like " The object tag contained an attribute that we could not
> process…", etc.
>
> Am I doing something wrong?
>
> -- Neal
>
>
> Neal Caidin
> Sakai CLE Community Coordinator
> neal.caidin at apereo.org
> Skype: nealkdin
> Twitter: ncaidin
>
>
>
>
>
>
>
>
>
> On Aug 8, 2013, at 8:19 PM, Neal Caidin <neal.caidin at apereo.org> wrote:
>
> [ qa and dev ]
>
> Hello,
>
> I am testing https://jira.sakaiproject.org/browse/LSNBLDR-276
>
> With AntiSamy on Low setting, so it will play external videos without
> checking a "trusted sites" list, I see the following behavior. The video
> plays in the Lessons tool, but adding media in the CK Editor in
> Announcements I get "The operation couldn't be completed. The file is not a
> movie file (see enclosed screenshot).
>
> I'm trying a couple of sites (other than Youtube):
> http://dai.ly/x12skq3
>
> http://current.com/shows/joy-behar/videos/isabella-rossellini-on-her-ex-husband-martin-scorsese-hes-the-funniest-man-on-earth/
>
> Is it because these are not direct video embeds but instead web sites with
> videos? That's what it looks like through Lessons.
>
> Ideas?
>
> What would be good sites to test various settings of AntiSamy?
>
> Thanks,
> Neal
>
>
> <PastedGraphic-1.tiff>
>
>
>
> Neal Caidin
> Sakai CLE Community Coordinator
> neal.caidin at apereo.org
> Skype: nealkdin
> Twitter: ncaidin
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-qa/attachments/20130809/63f0640f/attachment-0001.html
More information about the sakai-qa
mailing list