[Using Sakai] Twenty-First Century Interactions on Sakai?
Sam Ottenhoff
ottenhoff at longsight.com
Fri Aug 24 10:21:07 PDT 2012
> ... On a
> regular web page using a jQuery plugin this is almost trivial. You just have
> a short amount of text and then a "read more" link that expands the text
> when the student wants to read the whole thing. See this example. But how to
> do this in Sakai?
Modify the Sakai config package and change the goodTags property to
allow all input from users. It's a five minute change that will stop
all HTML filtering and sanitation in Sakai.
Making this change would be a security disaster if you do not have
full trust in every *possible* user of your system. If you allow users
to input Javascript into a web-based system, you are open to a
gigantic class of attacks
(http://en.wikipedia.org/wiki/Cross-site_scripting).
If you don't have full trust in every single user in your system, then
you need to add functionality centrally to your portal rendering
instead of doing it as an instructor in a browser. Add new styles
into the rich-text editor configs. Then render those new styles using
the centralized jQuery code in your primary Sakai JS files.
--Sam
More information about the sakai-user
mailing list