Replace custom stuff in formattedtext with Antisamy processing

Description

Antisamy: https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
Google code page: http://code.google.com/p/owaspantisamy/

Need to come back to this work after a hiatus.
Relates to work in

We should enable antisamy (with the current version) and then switch over FT to use it only.
Then we have to fix all the tests which stop working.
Finally, we have to list and deal with the differences in processing.

Config options:

    # Force the use of the legacy html content processor (used in versions before and including 2.9),
    # if this is not overridden then the antisamy html cleaner will be used
    # Default: false (use AntiSamy)
    #content.cleaner.use.legacy.html=true

    # Force the use of a lower security profile for content processing and scanning,
    # if this is not overridden then high security settings are used.
    # The standard high and low files are located in "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
    # Override the standard files by placing your own files in:
    # ${sakai.home}/antisamy/high-security-policy.xml
    # ${sakai.home}/antisamy/low-security-policy.xml
    # NOTE: only works if AntiSamy is enabled (see content.cleaner.use.legacy.html)
    # Default: false (use high security - no unsafe embeds or objects)
    #content.cleaner.default.low.security=true

Overrides:
${sakai.home}/antisamy/high-security-policy.xml
${sakai.home}/antisamy/low-security-policy.xml


Activity


Hudson CI Server August 1, 2013 at 1:50 PM

Integrated in kernel-trunk #691 (See http://builds.sakaiproject.org:8080/job/kernel-trunk/691/)
adding extra instructions for users who want to add their own sites to high (Revision 128058)

Result = SUCCESS

Aaron Zeckoski August 1, 2013 at 9:28 AM

<!-- SAKAI customized trusted sites listing:
This is where we specify what Flash/embed/iframe src to allow
To add a new host/site to this list:
Find this in the flashSites below: ...(download\.macromedia\.com/pub|...
Add in your site (e.g. "new.site.host.com/path": with escaped ".": "new\.site\.host\.com/path|"
Like shown here: (new\.site\.host\.com/path|download\.macromedia\.com/pub|
-->
<regexp name="flashSites".....
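
Why the comment above asks for escaped dots when adding a site, as an added example (not code from Sakai or AntiSamy). The surrounding pattern in `allowlist` is a constructed stand-in, since the real `flashSites` expression is elided on this page, and `escapeEntry` is a hypothetical helper.

```java
import java.util.regex.Pattern;

public class FlashSitesEntryDemo {

    // Backslash-escape regex metacharacters so a host/path is matched literally,
    // producing the hand-escaped form the policy comment asks for.
    static String escapeEntry(String hostPath) {
        return hostPath.replaceAll("([\\\\.\\[\\]{}()*+?^$|-])", "\\\\$1");
    }

    // Constructed stand-in for an allowlist regexp (assumption, not Sakai's
    // pattern): the new entry is placed at the front of the alternation,
    // followed by "|", as the comment describes.
    static Pattern allowlist(String newEntry) {
        return Pattern.compile(
            "^https?://(" + newEntry + "|download\\.macromedia\\.com/pub)/.*$");
    }

    public static void main(String[] args) {
        String site = "new.site.host.com/path";   // example site from the comment
        String[] urls = {                          // constructed sample URLs
            "https://new.site.host.com/path/movie.swf",
            "https://new-site.host.com/path/movie.swf",  // a different host
            "http://download.macromedia.com/pub/x.swf",
            "https://other.example.org/path/movie.swf"
        };

        Pattern unescaped = allowlist(site);              // "." matches any character
        Pattern escaped = allowlist(escapeEntry(site));   // "." matches only a dot

        System.out.println("entry to add: " + escapeEntry(site) + "|");
        for (String url : urls) {
            System.out.printf("%-45s unescaped=%-5b escaped=%b%n", url,
                unescaped.matcher(url).matches(), escaped.matcher(url).matches());
        }
    }
}
```

With the unescaped entry the allowlist also accepts the second URL, whose host is not the one that was meant to be trusted; the escaped entry accepts only the intended host.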

Sam Ottenhoff April 10, 2013 at 9:27 AM

Additional 1.3.x merge of r122405: r122516

Hudson CI Server April 8, 2013 at 5:16 PM

Integrated in kernel-trunk #652 (See http://builds.sakaiproject.org:8080/job/kernel-trunk/652/)
made the unit tests run specifically for antisamy even when legacy is enabled (Revision 122405)

Result = SUCCESS

Sam Ottenhoff April 8, 2013 at 10:59 AM

1.3.x r122360

Fixed

Details

Property addition/change required

Yes

Created January 17, 2013 at 10:41 AM
Updated April 25, 2018 at 3:18 PM
Resolved March 29, 2013 at 1:44 PM