[sakai2-tcc] Plan for CLE 2.9.3
Aaron Zeckoski
azeckoski at unicon.net
Thu Jun 20 10:37:23 PDT 2013
Also, for the record, the difference between high and low today is
that high restricts embeds and objects to a known set of safe hosts
whereas low allows any host (dangerous or otherwise). OWASP recommends
and defaults to NOT allowing embeds from sites outside the safe list
as it is an attack vector.
That high/low difference might change in the future but that is what
it will be for 2.9.x anyway.
-AZ
On Thu, Jun 20, 2013 at 1:31 PM, Seth Theriault <slt at columbia.edu> wrote:
> On Thu, Jun 20, 2013 at 1:11 PM, Neal Caidin
> <nealcaidin at sakaifoundation.org> wrote:
>
>> Scope - Antisamy on by default, High setting. Some additional fixes and
>> translations.
>
> For the record, there are no reported installations running with
> "High" as the default setting. Longsight has indicated that their
> clients are running with the "Low" setting.
>
> Seth
> _______________________________________________
> sakai2-tcc mailing list
> sakai2-tcc at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
--
Aaron Zeckoski - Software Architect - http://tinyurl.com/azprofile
More information about the sakai2-tcc
mailing list