[sakai2-tcc] Question about AntiSamy decision
Neal Caidin
nealcaidin at sakaifoundation.org
Wed Apr 24 05:13:02 PDT 2013
Hi TCC,
For some reason I had it in my head that the default for AntiSamy in CLE 2.9.2 is on with Low setting. But when I look at the recorded decision it indicates that AntiSamy will be disabled by default for 2.9.2 . Thirdly, when I look at the properties, it appears to me to be set to default on AntiSamy High. ugh :-p . Please help?
See below for details.
Thanks,
Neal
Proposal
--------------------------
https://confluence.sakaiproject.org/display/TCC/2013+TCC+Voting+Summary
"PROPOSAL
Inclusion of Anitsamy as a replacement of formattedtext in 2.9.2. The change will be disabled OOTB and summaries of low and high AntiSamy policies will be provided in 'plain speak.'
Once there is positive production experience, Antisamy will be the default in subsequent releases (ie 2.9.3)."
AntiSamy properties in 2.9.x - https://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
-----------------------------
# Force the use of the legacy html content processor (used in versions before and including 2.9),
# if this is not overridden then the antisamy html cleaner will be used
# Default: true in 2.9.x and below (do not use AntiSamy), false in 2.10.x and above (use AntiSamy)
#content.cleaner.use.legacy.html=false
# Force the user of a lower security profile for content processing and scanning,
# if this is not overridden then high security settings are used.
# The standard high and low files are located in "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
# Override the standard files by placing your own files in:
# ${sakai.home}/antisamy/high-security-policy.xml
# ${sakai.home}/antisamy/low-security-policy.xml
# NOTE: only works if AntiSamy is enabled (see content.cleaner.use.legacy.html)
# Default: false (use high security - no unsafe embeds or objects)
#content.cleaner.default.low.security=true
AntiSamy properties in Trunk - https://source.sakaiproject.org/viewsvn/config/trunk/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
--------------------------------
# Force the use of the legacy html content processor (used in versions before and including 2.9),
# if this is not overridden then the antisamy html cleaner will be used
# Default: false (use AntiSamy)
#content.cleaner.use.legacy.html=true
# Force the user of a lower security profile for content processing and scanning,
# if this is not overridden then high security settings are used.
# The standard high and low files are located in "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
# Override the standard files by placing your own files in:
# ${sakai.home}/antisamy/high-security-policy.xml
# ${sakai.home}/antisamy/low-security-policy.xml
# NOTE: only works if AntiSamy is enabled (see content.cleaner.use.legacy.html)
# Default: false (use high security - no unsafe embeds or objects)
#content.cleaner.default.low.security=true
More information about the sakai2-tcc
mailing list