[sakai2-tcc] Question about AntiSamy decision
May, Megan Marie
mmmay at indiana.edu
Wed Apr 24 06:06:28 PDT 2013
So for clarity's' sake, it should be disabled OOTB per the TCC's decision.
From: Anthony Whyte [mailto:arwhyte at umich.edu]
Sent: Wednesday, April 24, 2013 9:01 AM
To: Neal Caidin
Cc: May, Megan Marie; sakai2-tcc at collab.sakaiproject.org Committee
Subject: Re: [sakai2-tcc] Question about AntiSamy decision
The problem 2.9.x merge is KNL-1015, r122360.
Change
#content.cleaner.use.legacy.html=false
. . .
#content.cleaner.default.low.security=true
to
content.cleaner.use.legacy.html=true
. . .
content.cleaner.default.low.security=true (enabling this property should be unnecessary, as the above property should override it, irrespective of the value chosen)
Anth
On Apr 24, 2013, at 8:40 AM, Neal Caidin wrote:
Blocker bug to have AntiSamy off by default, or AntiSamy on with Low setting by default?
Thanks,
Neal
On Apr 24, 2013, at 8:15 AM, "May, Megan Marie" <mmmay at indiana.edu<mailto:mmmay at indiana.edu>> wrote:
File a blocker bug.
Megan
Sent from my iPhone
On Apr 24, 2013, at 8:13 AM, "Neal Caidin" <nealcaidin at sakaifoundation.org<mailto:nealcaidin at sakaifoundation.org>> wrote:
Hi TCC,
For some reason I had it in my head that the default for AntiSamy in CLE 2.9.2 is on with Low setting. But when I look at the recorded decision it indicates that AntiSamy will be disabled by default for 2.9.2 . Thirdly, when I look at the properties, it appears to me to be set to default on AntiSamy High. ugh :-p . Please help?
See below for details.
Thanks,
Neal
Proposal
--------------------------
https://confluence.sakaiproject.org/display/TCC/2013+TCC+Voting+Summary
"PROPOSAL
Inclusion of Anitsamy as a replacement of formattedtext in 2.9.2. The change will be disabled OOTB and summaries of low and high AntiSamy policies will be provided in 'plain speak.'
Once there is positive production experience, Antisamy will be the default in subsequent releases (ie 2.9.3)."
AntiSamy properties in 2.9.x - https://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
-----------------------------
# Force the use of the legacy html content processor (used in versions before and including 2.9),
# if this is not overridden then the antisamy html cleaner will be used
# Default: true in 2.9.x and below (do not use AntiSamy), false in 2.10.x and above (use AntiSamy)
#content.cleaner.use.legacy.html=false
# Force the user of a lower security profile for content processing and scanning,
# if this is not overridden then high security settings are used.
# The standard high and low files are located in "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
# Override the standard files by placing your own files in:
# ${sakai.home}/antisamy/high-security-policy.xml
# ${sakai.home}/antisamy/low-security-policy.xml
# NOTE: only works if AntiSamy is enabled (see content.cleaner.use.legacy.html)
# Default: false (use high security - no unsafe embeds or objects)
#content.cleaner.default.low.security=true
AntiSamy properties in Trunk - https://source.sakaiproject.org/viewsvn/config/trunk/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
--------------------------------
# Force the use of the legacy html content processor (used in versions before and including 2.9),
# if this is not overridden then the antisamy html cleaner will be used
# Default: false (use AntiSamy)
#content.cleaner.use.legacy.html=true
# Force the user of a lower security profile for content processing and scanning,
# if this is not overridden then high security settings are used.
# The standard high and low files are located in "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
# Override the standard files by placing your own files in:
# ${sakai.home}/antisamy/high-security-policy.xml
# ${sakai.home}/antisamy/low-security-policy.xml
# NOTE: only works if AntiSamy is enabled (see content.cleaner.use.legacy.html)
# Default: false (use high security - no unsafe embeds or objects)
#content.cleaner.default.low.security=true
_______________________________________________
sakai2-tcc mailing list
sakai2-tcc at collab.sakaiproject.org<mailto:sakai2-tcc at collab.sakaiproject.org>
http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
_______________________________________________
sakai2-tcc mailing list
sakai2-tcc at collab.sakaiproject.org<mailto:sakai2-tcc at collab.sakaiproject.org>
http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai2-tcc/attachments/20130424/f88ee21c/attachment.html
More information about the sakai2-tcc
mailing list