[Using Sakai] Anti-Samy filtering: on or off

Adam Marshall adam.marshall at it.ox.ac.uk
Wed Feb 11 06:46:37 PST 2015


I think it’s the in-page javascript that generates the embedded videos that is the problem.

adm

--

** Note change of email address to adam.marshall at it.ox.ac.uk **

Dr A C Marshall, WebLearn Service Manager, University of Oxford.
IT Services, 13 Banbury Rd, Oxford. OX2 6NN.


From: Sam Ottenhoff [mailto:ottenhoff at longsight.com]
Sent: 11 February 2015 14:31
To: Adam Marshall
Cc: Matthew Jones; Neal Caidin; sakai-user at collab.sakaiproject.org Server
Subject: Re: [Using Sakai] Anti-Samy filtering: on or off

Right, edit your Anti-Samy policy file and add the 3 sites.  And then drop your modified XML file into $TOMCAT_HOME/sakai/antisamy/.

Here's a pattern of how to do it: https://jira.sakaiproject.org/browse/KNL-1117
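
A check worth running before dropping a modified policy file into place, as an added example that is not from this thread or from Sakai: it loads the `iframe` `src` patterns from a policy fragment and reports any test URL the patterns wrongly accept or reject. The fragment, pattern names and URLs are constructed, and the code assumes AntiSamy applies each regexp to the whole attribute value.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment in AntiSamy's XML layout (not Sakai's shipped policy).
# "vimeo-loose" is deliberately sloppy: unescaped dots and no path anchor.
POLICY = r"""
<anti-samy-rules>
  <common-regexps>
    <regexp name="youtube" value="(https?:)?//www\.youtube\.com/embed/[\w-]+"/>
    <regexp name="vimeo-loose" value="https?://player.vimeo.com.*"/>
  </common-regexps>
  <tag-rules>
    <tag name="iframe" action="validate">
      <attribute name="src">
        <regexp-list>
          <regexp name="youtube"/>
          <regexp name="vimeo-loose"/>
        </regexp-list>
      </attribute>
    </tag>
  </tag-rules>
</anti-samy-rules>
"""

# Constructed cases: (URL, whether the policy is supposed to accept it).
CASES = [
    ("https://www.youtube.com/embed/abc123XYZ_-", True),
    ("https://player.vimeo.com/video/12345", True),
    ("https://player.vimeo.com.example.net/video/1", False),  # look-alike host
    ("https://www.youtube.com.example.net/embed/x", False),
    ("javascript:alert(1)//www.youtube.com/embed/x", False),
]

def iframe_src_patterns(policy_xml):
    """Map pattern name -> compiled regex for every pattern iframe/@src refers to."""
    root = ET.fromstring(policy_xml)
    common = {r.get("name"): r.get("value")
              for r in root.findall("./common-regexps/regexp")}
    refs = root.findall("./tag-rules/tag[@name='iframe']"
                        "/attribute[@name='src']/regexp-list/regexp")
    return {r.get("name"): re.compile(common[r.get("name")]) for r in refs}

def audit(policy_xml, cases):
    """Return (url, matching pattern names) wherever the outcome differs from the expectation."""
    patterns = iframe_src_patterns(policy_xml)
    problems = []
    for url, expected in cases:
        hits = [n for n, p in patterns.items() if p.fullmatch(url)]  # assumed whole-value match
        if bool(hits) != expected:
            problems.append((url, hits))
    return problems
```
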


On Wed, Feb 11, 2015 at 5:03 AM, Adam Marshall <adam.marshall at it.ox.ac.uk> wrote:
I’ll tell you why I was asking: we have developed some custom CK Editor plugins to allow the embedding of YouTube & Vimeo vids, Twitter timelines and CC images. The Auntie Samy filtering is preventing the first 3 from working, so we’d like a way of fixing this. Maybe we can add some custom rules?

adam



From: sakai-user-bounces at collab.sakaiproject.org [mailto:sakai-user-bounces at collab.sakaiproject.org] On Behalf Of Matthew Jones
Sent: 09 February 2015 17:29
To: Neal Caidin
Cc: sakai-user at collab.sakaiproject.org Server
Subject: Re: [Using Sakai] Anti-Samy filtering: on or off

That might be a question too, what setting are people using? The only difference between the two configurations is that high has a hard-coded "trusted" list of sites that content is allowed to be embedded from. But this list hasn't changed in the default configuration for over a year and a half.

So either nobody is using the high or the list is perfect as-is. :)

On Mon, Feb 9, 2015 at 12:08 PM, Neal Caidin <neal.caidin at apereo.org> wrote:
Don't forget that there is a High setting and a Low setting and both of these are configurable. So hopefully you would be able to start with one of those (high is recommended) and then get it to work optimally for your institution, taking into account security risks for being less restrictive.

-- Neal


On Mon, Feb 9, 2015 at 11:39 AM, Sam Ottenhoff <ottenhoff at longsight.com> wrote:
The only justification for turning HTML filtering off would be that you have complete trust in all of your users and that only authorized users are able to post content to your Sakai instance.  Maybe your instance is used by a small group of professional collaborators and worrying about a user modifying grade information via XSS attacks doesn't apply.


On Mon, Feb 9, 2015 at 11:34 AM, Adam Marshall <adam.marshall at it.ox.ac.uk> wrote:
Does anybody here not have Anti-Samy filtering turned on? If so how are you justifying this (you can reply off-list if you like).

adam




_______________________________________________
sakai-user mailing list
sakai-user at collab.sakaiproject.org
http://collab.sakaiproject.org/mailman/listinfo/sakai-user

TO UNSUBSCRIBE: send email to sakai-user-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"

