Skip to:

Skip to Jira Navigation
Skip to Side Navigation
Skip to Main Content

h5p, sharestream, kaltura antisamy whitelists aren't working

GENERAL

TESTING

GENERAL

TESTING

Description

h5p, sharestream, kaltura antisamy whitelists aren't working

even though those sites are added to the antisamy/high-security-policy.xml whitelist, embedding their embed codes in e.g. lessons does not work

Actually, I could not test sharestream because I don't have an account with them, but it appears as though it would be affected by the bug as well.

it fails on https://trunk-mysql.nightly.sakaiproject.org/

Linked issues

cloned from

Flipboard antisamy whitelists aren't working

relates to

Allow sharestream.net and kaf.kaltura.com embeds

AntiSamy allow h5p.org

Activity

Show:

Austin May 4, 2018 at 8:50 PM

https://github.com/sakaiproject/sakai/pull/5569

Austin May 4, 2018 at 8:35 PM
Edited

I believe the problem occurs because the regex for these sites in the antisamy/high-security-policy.xml whitelist is using delimited trailing forward slashes

(.*)\.sharestream\.(com|net)\/
(.*)\.kaltura\.(com|net)\/
h5p\.(com|org)\/

removing the delimited trailing forward slashes appears to fix the problem (could possibly just remove the delimiter, but I believe removing both works as well.

Fixed

Details
Priority
Major
Affects versions
12.5
19.0
Fix versions
12.6
19.0
Components
Assignee
Core Team
Reporter
Austin

Created May 4, 2018 at 8:30 PM

Updated March 12, 2024 at 3:52 PM

Resolved May 8, 2018 at 9:31 AM