[Using Sakai] Twenty-First Century Interactions on Sakai?

Marshall Feldman marsh at uri.edu
Fri Aug 24 12:02:02 PDT 2012


Thanks to Sam, Matt, and David who quickly answered my query. 
Unfortunately, I am "just" a faculty member and, like most faculty 
members, do not have access to the config package and all that. If I 
were to suggest changing the overall University-wide configuration, the 
administration would probably appoint a committee, which would recommend 
hiring a consultant, which would require a budget augmentation, which 
would take about 4 years to tell me they can't support the change. 
(Sorry, this cynicism is well-earned.)

One of my colleagues showed me a way around this that should work. So 
I'm going to give it a try first.

     Marsh Feldman


On 8/24/12 1:21 PM, Sam Ottenhoff wrote:
>> ... On a
>> regular web page using a jQuery plugin this is almost trivial. You just have
>> a short amount of text and then a "read more" link that expands the text
>> when the student wants to read the whole thing. See this example. But how to
>> do this in Sakai?
> Modify the Sakai config package and change the goodTags property to
> allow all input from users.  It's a five minute change that will stop
> all HTML filtering and sanitation in Sakai.
>
> Making this change would be a security disaster if you do not have
> full trust in every *possible* user of your system. If you allow users
> to input Javascript into a web-based system, you are open to a
> gigantic class of attacks
> (http://en.wikipedia.org/wiki/Cross-site_scripting).
>
> If you don't have full trust in every single user in your system, then
> you need to add functionality centrally to your portal rendering
> instead of doing it as an instructor in a browser.  Add new styles
> into the rich-text editor configs.  Then render those new styles using
> the centralized jQuery code in your primary Sakai JS files.
>
> --Sam
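
Sam's closing suggestion, sketched as an added example that is not part of the original thread and is not Sakai's own code: a centrally served script collapses any block carrying a style class chosen in the editor config, so instructors never enter script themselves. The class name `read-more`, the function names and the preview length are assumptions, and plain DOM calls stand in for jQuery.

```javascript
// Added example, not Sakai code. Assumes the rich-text editor config offers a
// style that emits class="read-more" (hypothetical name); users supply no script.
const PREVIEW_CHARS = 120; // constructed default preview length

// Split plain text at the last word boundary at or before `limit`.
function splitPreview(text, limit = PREVIEW_CHARS) {
  const clean = String(text).replace(/\s+/g, " ").trim();
  if (clean.length <= limit) return { preview: clean, rest: "" };
  const cut = clean.lastIndexOf(" ", limit);
  const at = cut > 0 ? cut : limit; // no space found: hard cut
  return { preview: clean.slice(0, at), rest: clean.slice(at).trim() };
}

// Collapse every marked block and return how many were enhanced.
// The already-sanitized markup is hidden and shown, never re-parsed:
// all new text goes in through textContent, so nothing is treated as HTML.
function enhanceReadMore(doc) {
  let count = 0;
  for (const block of doc.querySelectorAll(".read-more")) {
    const { preview, rest } = splitPreview(block.textContent);
    if (!rest) continue; // short enough to show in full
    const teaser = doc.createElement("p");
    teaser.textContent = preview + "…";
    const toggle = doc.createElement("button");
    toggle.type = "button";
    toggle.textContent = "Read more";
    toggle.addEventListener("click", () => {
      const expand = block.hidden;
      block.hidden = !expand;
      teaser.hidden = expand;
      toggle.textContent = expand ? "Read less" : "Read more";
    });
    block.hidden = true;
    block.before(teaser);
    block.after(toggle);
    count++;
  }
  return count;
}

// Runs only in a browser; loaded once from the site's central JS files.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () => enhanceReadMore(document));
}
```
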


