[sakai2-tcc] [cle-release-team] Fwd: Question about AntiSamy decision

Sam Ottenhoff ottenhoff at longsight.com
Wed Apr 24 06:51:13 PDT 2013 

I'm not following.... In default.sakai.properties it's just a comment.
 Nothing is activated unless the Sakai deployer chooses to explicitly
override in their deployment using their own sakai.properties or
local.properties.

--Sam


On Wed, Apr 24, 2013 at 9:45 AM, Anthony Whyte <arwhyte at umich.edu> wrote:

> It will override once it's activated.
>
> Anth
>
>
> On Apr 24, 2013, at 9:38 AM, Sam Ottenhoff wrote:
>
> default.sakai.properties doesn't override, it documents the defaults.
>
>
> http://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>
> Line 335: # Default: true in 2.9.x and below (do not use AntiSamy), false
> in 2.10.x and above (use AntiSamy)
>
>
> On Wed, Apr 24, 2013 at 9:08 AM, Anthony Whyte <arwhyte at umich.edu> wrote:
>
>> I should also note that that KNL-1015, r122516 adds the following
>> property setting to kernel.properties
>>
>> # KNL-1015: setting default for 2.9.2 release
>> content.cleaner.use.legacy.html=true
>>
>> Not much value in this tweek of kernel.properties since it's going to get
>> overridden by the settings embedded in default.sakai.properties.
>>
>> Anth
>>
>>
>>
>>
>> Begin forwarded message:
>>
>> *From: *Anthony Whyte <arwhyte at umich.edu>
>> *Date: *April 24, 2013 9:01:00 AM EDT
>> *To: *Neal Caidin <nealcaidin at sakaifoundation.org>
>> *Cc: *"May, Megan Marie" <mmmay at indiana.edu>, "
>> sakai2-tcc at collab.sakaiproject.org Committee" <
>> sakai2-tcc at collab.sakaiproject.org>
>> *Subject: **Re: [sakai2-tcc] Question about AntiSamy decision*
>>
>> The problem 2.9.x merge is KNL-1015, r122360.
>>
>> Change
>>
>> #content.cleaner.use.legacy.html=false
>> . . .
>> #content.cleaner.default.low.security=true
>>
>> to
>>
>> content.cleaner.use.legacy.html=true
>> . . .
>> content.cleaner.default.low.security=true  (enabling this property
>> should be unnecessary, as the above property should override it,
>> irrespective of the value chosen)
>>
>>
>> Anth
>>
>>
>>
>> On Apr 24, 2013, at 8:40 AM, Neal Caidin wrote:
>>
>> Blocker bug to have AntiSamy off by default, or AntiSamy on with Low
>> setting by default?
>>
>> Thanks,
>> Neal
>>
>> On Apr 24, 2013, at 8:15 AM, "May, Megan Marie" <mmmay at indiana.edu>
>> wrote:
>>
>> File a blocker bug.
>>
>>
>> Megan
>>
>>
>> Sent from my iPhone
>>
>>
>> On Apr 24, 2013, at 8:13 AM, "Neal Caidin" <
>> nealcaidin at sakaifoundation.org> wrote:
>>
>>
>>
>> Hi TCC,
>>
>>
>> For some reason I had it in my head that the default for AntiSamy in CLE
>> 2.9.2 is on with Low setting.  But when I look at the recorded decision it
>> indicates that AntiSamy will be disabled by default for 2.9.2 . Thirdly,
>> when I look at the properties, it appears to me to be set to default on
>> AntiSamy High. ugh :-p . Please help?
>>
>>
>> See below for details.
>>
>>
>> Thanks,
>>
>> Neal
>>
>>
>>
>> Proposal
>>
>> --------------------------
>>
>> https://confluence.sakaiproject.org/display/TCC/2013+TCC+Voting+Summary
>>
>>
>> "PROPOSAL
>>
>> Inclusion of Anitsamy as a replacement of formattedtext in 2.9.2.  The
>> change will be disabled OOTB and summaries of low and high AntiSamy
>> policies will be provided in 'plain speak.'
>>
>>
>> Once there is positive production experience, Antisamy will be the
>> default in subsequent releases (ie 2.9.3)."
>>
>>
>> AntiSamy properties in 2.9.x -
>> https://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>
>> -----------------------------
>>
>> # Force the use of the legacy html content processor (used in versions
>> before and including 2.9),
>>
>> # if this is not overridden then the antisamy html cleaner will be used
>>
>> # Default: true in 2.9.x and below (do not use AntiSamy), false in 2.10.x
>> and above (use AntiSamy)
>>
>> #content.cleaner.use.legacy.html=false
>>
>>
>> # Force the user of a lower security profile for content processing and
>> scanning,
>>
>> # if this is not overridden then high security settings are used.
>>
>> # The standard high and low files are located in
>> "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
>>
>> # Override the standard files by placing your own files in:
>>
>> #       ${sakai.home}/antisamy/high-security-policy.xml
>>
>> #       ${sakai.home}/antisamy/low-security-policy.xml
>>
>> # NOTE: only works if AntiSamy is enabled (see
>> content.cleaner.use.legacy.html)
>>
>> # Default: false (use high security - no unsafe embeds or objects)
>>
>> #content.cleaner.default.low.security=true
>>
>>
>> AntiSamy properties in Trunk -
>> https://source.sakaiproject.org/viewsvn/config/trunk/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>
>> --------------------------------
>>
>> # Force the use of the legacy html content processor (used in versions
>> before and including 2.9),
>>
>> # if this is not overridden then the antisamy html cleaner will be used
>>
>> # Default: false (use AntiSamy)
>>
>> #content.cleaner.use.legacy.html=true
>>
>>
>> # Force the user of a lower security profile for content processing and
>> scanning,
>>
>> # if this is not overridden then high security settings are used.
>>
>> # The standard high and low files are located in
>> "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
>>
>> # Override the standard files by placing your own files in:
>>
>> #       ${sakai.home}/antisamy/high-security-policy.xml
>>
>> #       ${sakai.home}/antisamy/low-security-policy.xml
>>
>> # NOTE: only works if AntiSamy is enabled (see
>> content.cleaner.use.legacy.html)
>>
>> # Default: false (use high security - no unsafe embeds or objects)
>>
>> #content.cleaner.default.low.security=true
>>
>>
>>
>> _______________________________________________
>>
>> sakai2-tcc mailing list
>>
>> sakai2-tcc at collab.sakaiproject.org
>>
>> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>>
>>
>> _______________________________________________
>> sakai2-tcc mailing list
>> sakai2-tcc at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>>
>>
>>
>>
>> _______________________________________________
>> cle-release-team mailing list
>> cle-release-team at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/cle-release-team
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai2-tcc/attachments/20130424/3533b205/attachment-0001.html

More information about the sakai2-tcc mailing list