[Using Sakai] Anti-Samy filering: on or off

Wed Feb 11 06:30:33 PST 2015

Right, edit your Anti-Samy policy file and add the 3 sites.  And then drop
your modified XML file into $TOMCAT_HOME/sakai/antisamy/.

Here's a pattern of how to do it:
https://jira.sakaiproject.org/browse/KNL-1117

On Wed, Feb 11, 2015 at 5:03 AM, Adam Marshall <adam.marshall at it.ox.ac.uk>
wrote:

>  I’ll tell you why I was asking: we have developed some custom CK Editor
> plugins to allow the embedding of YouTube & Vimeo vids, Twitter timelines
> and CC images. The Auntie Samy filtering is preventing the first 3 from
> working so – we’d like a way of fixing this. Maybe we can add some custom
> rules?
>
>
>
> adam
>
>
>
> --
>
>
>
> ** Note change of email address to adam.marshall at it.ox.ac.uk **
>
>
>
> Dr A C Marshall, WebLearn Service Manager, University of Oxford.
>
> IT Services, 13 Banbury Rd, Oxford. OX2 6NN.
>
>
>
>
>
> *From:* sakai-user-bounces at collab.sakaiproject.org [mailto:
> sakai-user-bounces at collab.sakaiproject.org] *On Behalf Of *Matthew Jones
> *Sent:* 09 February 2015 17:29
> *To:* Neal Caidin
> *Cc:* sakai-user at collab.sakaiproject.org Server
> *Subject:* Re: [Using Sakai] Anti-Samy filering: on or off
>
>
>
> That might be a question too, what setting are people using? The only
> difference between the two configurations is that high has a hard-coded
> "trusted" list of sites that content is allowed to be embedded from. But
> this list hasn't changed in the default configuration for over a year and a
> half.
>
>
>
> So either nobody is using the high or the list is perfect as-is. :)
>
>
>
> On Mon, Feb 9, 2015 at 12:08 PM, Neal Caidin <neal.caidin at apereo.org>
> wrote:
>
> Don't forget that there is a High setting and a Low setting and both of
> these are configurable. So hopefully you would be able to start with one of
> those (high is recommended) and then get it to work optimally for your
> institution, taking into account security risks for being less restrictive.
>
>
>
> -- Neal
>
>
>
>
>
> On Mon, Feb 9, 2015 at 11:39 AM, Sam Ottenhoff <ottenhoff at longsight.com>
> wrote:
>
> The only justification for turning HTML filtering off would be that you
> have complete trust in all of your users and that only authorized users are
> able to post content to your Sakai instance.  Maybe your instance is used
> by a small group of professional collaborators and worrying about a user
> modifying grade information via XSS attacks doesn't apply.
>
>
>
>
>
> On Mon, Feb 9, 2015 at 11:34 AM, Adam Marshall <adam.marshall at it.ox.ac.uk>
> wrote:
>
> Does anybody here not have Anti-Samy filtering turned on? If so how are
> you justifying this (you can reply off-list if you like).
>
> adam
>
> --
>
> ** Note change of email address to adam.marshall at it.ox.ac.uk **
>
> Dr A C Marshall, WebLearn Service Manager, University of Oxford.
> IT Services, 13 Banbury Rd, Oxford. OX2 6NN.
>
>
>
> _______________________________________________
> sakai-user mailing list
> sakai-user at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-user
>
> TO UNSUBSCRIBE: send email to
> sakai-user-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
>
>
>
> _______________________________________________
> sakai-user mailing list
> sakai-user at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-user
>
> TO UNSUBSCRIBE: send email to
> sakai-user-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
>
>
>
> _______________________________________________
> sakai-user mailing list
> sakai-user at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-user
>
> TO UNSUBSCRIBE: send email to
> sakai-user-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
>
>
> _______________________________________________
> sakai-user mailing list
> sakai-user at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-user
>
> TO UNSUBSCRIBE: send email to
> sakai-user-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-user/attachments/20150211/8a2c8e3f/attachment.html 