[sakai2-tcc] [cle-release-team] Fwd: Question about AntiSamy decision
Noah Botimer
botimer at umich.edu
Wed Apr 24 07:13:59 PDT 2013
Ze FormattedText! It does nothing!
http://memegenerator.net/instance/37239872
Thanks,
-Noah
On Apr 24, 2013, at 10:00 AM, Sam Ottenhoff wrote:
> It's read at startup exactly as you describe.... but everything related to use of the legacy cleaner is commented out, so it does nothing.
>
>
> On Wed, Apr 24, 2013 at 9:54 AM, Anthony Whyte <arwhyte at umich.edu> wrote:
> Are you saying that /config default.sakai.properties is no longer read on start up as was formerly the case?
>
> kernel.properties
> overridden by config default.sakai.properties
> overridden by local deployers sakai.properties
>
> Anth
>
>
>
>
> On Apr 24, 2013, at 9:51 AM, Sam Ottenhoff wrote:
>
>> I'm not following.... In default.sakai.properties it's just a comment. Nothing is activated unless the Sakai deployer chooses to explicitly override in their deployment using their own sakai.properties or local.properties.
>>
>> --Sam
>>
>>
>> On Wed, Apr 24, 2013 at 9:45 AM, Anthony Whyte <arwhyte at umich.edu> wrote:
>> It will override once it's activated.
>>
>> Anth
>>
>>
>> On Apr 24, 2013, at 9:38 AM, Sam Ottenhoff wrote:
>>
>>> default.sakai.properties doesn't override, it documents the defaults.
>>>
>>> http://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>>
>>> Line 335: # Default: true in 2.9.x and below (do not use AntiSamy), false in 2.10.x and above (use AntiSamy)
>>>
>>>
>>> On Wed, Apr 24, 2013 at 9:08 AM, Anthony Whyte <arwhyte at umich.edu> wrote:
>>> I should also note that that KNL-1015, r122516 adds the following property setting to kernel.properties
>>>
>>> # KNL-1015: setting default for 2.9.2 release
>>> content.cleaner.use.legacy.html=true
>>>
>>> Not much value in this tweek of kernel.properties since it's going to get overridden by the settings embedded in default.sakai.properties.
>>>
>>> Anth
>>>
>>>
>>>
>>>
>>> Begin forwarded message:
>>>
>>>> From: Anthony Whyte <arwhyte at umich.edu>
>>>> Date: April 24, 2013 9:01:00 AM EDT
>>>> To: Neal Caidin <nealcaidin at sakaifoundation.org>
>>>> Cc: "May, Megan Marie" <mmmay at indiana.edu>, "sakai2-tcc at collab.sakaiproject.org Committee" <sakai2-tcc at collab.sakaiproject.org>
>>>> Subject: Re: [sakai2-tcc] Question about AntiSamy decision
>>>>
>>>> The problem 2.9.x merge is KNL-1015, r122360.
>>>>
>>>> Change
>>>>
>>>> #content.cleaner.use.legacy.html=false
>>>> . . .
>>>> #content.cleaner.default.low.security=true
>>>>
>>>> to
>>>>
>>>> content.cleaner.use.legacy.html=true
>>>> . . .
>>>> content.cleaner.default.low.security=true (enabling this property should be unnecessary, as the above property should override it, irrespective of the value chosen)
>>>>
>>>>
>>>> Anth
>>>>
>>>>
>>>>
>>>> On Apr 24, 2013, at 8:40 AM, Neal Caidin wrote:
>>>>
>>>>> Blocker bug to have AntiSamy off by default, or AntiSamy on with Low setting by default?
>>>>>
>>>>> Thanks,
>>>>> Neal
>>>>>
>>>>> On Apr 24, 2013, at 8:15 AM, "May, Megan Marie" <mmmay at indiana.edu> wrote:
>>>>>
>>>>>> File a blocker bug.
>>>>>>
>>>>>> Megan
>>>>>>
>>>>>> Sent from my iPhone
>>>>>>
>>>>>> On Apr 24, 2013, at 8:13 AM, "Neal Caidin" <nealcaidin at sakaifoundation.org> wrote:
>>>>>>
>>>>>>>
>>>>>>> Hi TCC,
>>>>>>>
>>>>>>> For some reason I had it in my head that the default for AntiSamy in CLE 2.9.2 is on with Low setting. But when I look at the recorded decision it indicates that AntiSamy will be disabled by default for 2.9.2 . Thirdly, when I look at the properties, it appears to me to be set to default on AntiSamy High. ugh :-p . Please help?
>>>>>>>
>>>>>>> See below for details.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Neal
>>>>>>>
>>>>>>>
>>>>>>> Proposal
>>>>>>> --------------------------
>>>>>>> https://confluence.sakaiproject.org/display/TCC/2013+TCC+Voting+Summary
>>>>>>>
>>>>>>> "PROPOSAL
>>>>>>> Inclusion of Anitsamy as a replacement of formattedtext in 2.9.2. The change will be disabled OOTB and summaries of low and high AntiSamy policies will be provided in 'plain speak.'
>>>>>>>
>>>>>>> Once there is positive production experience, Antisamy will be the default in subsequent releases (ie 2.9.3)."
>>>>>>>
>>>>>>> AntiSamy properties in 2.9.x - https://source.sakaiproject.org/viewsvn/config/branches/sakai-2.9.x/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>>>>>> -----------------------------
>>>>>>> # Force the use of the legacy html content processor (used in versions before and including 2.9),
>>>>>>> # if this is not overridden then the antisamy html cleaner will be used
>>>>>>> # Default: true in 2.9.x and below (do not use AntiSamy), false in 2.10.x and above (use AntiSamy)
>>>>>>> #content.cleaner.use.legacy.html=false
>>>>>>>
>>>>>>> # Force the user of a lower security profile for content processing and scanning,
>>>>>>> # if this is not overridden then high security settings are used.
>>>>>>> # The standard high and low files are located in "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
>>>>>>> # Override the standard files by placing your own files in:
>>>>>>> # ${sakai.home}/antisamy/high-security-policy.xml
>>>>>>> # ${sakai.home}/antisamy/low-security-policy.xml
>>>>>>> # NOTE: only works if AntiSamy is enabled (see content.cleaner.use.legacy.html)
>>>>>>> # Default: false (use high security - no unsafe embeds or objects)
>>>>>>> #content.cleaner.default.low.security=true
>>>>>>>
>>>>>>> AntiSamy properties in Trunk - https://source.sakaiproject.org/viewsvn/config/trunk/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties?view=markup
>>>>>>> --------------------------------
>>>>>>> # Force the use of the legacy html content processor (used in versions before and including 2.9),
>>>>>>> # if this is not overridden then the antisamy html cleaner will be used
>>>>>>> # Default: false (use AntiSamy)
>>>>>>> #content.cleaner.use.legacy.html=true
>>>>>>>
>>>>>>> # Force the user of a lower security profile for content processing and scanning,
>>>>>>> # if this is not overridden then high security settings are used.
>>>>>>> # The standard high and low files are located in "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
>>>>>>> # Override the standard files by placing your own files in:
>>>>>>> # ${sakai.home}/antisamy/high-security-policy.xml
>>>>>>> # ${sakai.home}/antisamy/low-security-policy.xml
>>>>>>> # NOTE: only works if AntiSamy is enabled (see content.cleaner.use.legacy.html)
>>>>>>> # Default: false (use high security - no unsafe embeds or objects)
>>>>>>> #content.cleaner.default.low.security=true
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> sakai2-tcc mailing list
>>>>>>> sakai2-tcc at collab.sakaiproject.org
>>>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>>>>>
>>>>> _______________________________________________
>>>>> sakai2-tcc mailing list
>>>>> sakai2-tcc at collab.sakaiproject.org
>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>>>>
>>>
>>>
>>> _______________________________________________
>>> cle-release-team mailing list
>>> cle-release-team at collab.sakaiproject.org
>>> http://collab.sakaiproject.org/mailman/listinfo/cle-release-team
>>>
>>>
>>
>>
>
>
> _______________________________________________
> cle-release-team mailing list
> cle-release-team at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/cle-release-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai2-tcc/attachments/20130424/9d8babc0/attachment.html
More information about the sakai2-tcc
mailing list