Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-38502

Replace custom stuff in formattedtext with Antisamy processing

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.9.x
    • Fix Version/s: 2.9.x
    • Component/s: Kernel
    • Labels:
    • Property addition/change required:
      Yes
    • CLE Team Issue:
      Yes
    • Previous Issue Keys:
      KNL-1015

      Description

      Antisamy: https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
      Google code page: http://code.google.com/p/owaspantisamy/

      Need to come back to this work after a hiatus.
      Relates to work in KNL-496

      We should enable antisamy (with the current version) and then switch over FT to use it only.
      Then we have to fix all the tests which stop working.
      Finally, we have to list and deal with the differences in processing.

      Config options:

      1. Force the use of the legacy html content processor (used in versions before and including 2.9),
      2. if this is not overridden then the antisamy html cleaner will be used
      3. Default: false (use AntiSamy)
        #content.cleaner.use.legacy.html=true
      1. Force the user of a lower security profile for content processing and scanning,
      2. if this is not overridden then high security settings are used.
      3. The standard high and low files are located in "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
      4. Override the standard files by placing your own files in:
      5. ${sakai.home}/antisamy/high-security-policy.xml
      6. ${sakai.home}/antisamy/low-security-policy.xml
      7. NOTE: only works if AntiSamy is enabled (see content.cleaner.use.legacy.html)
      8. Default: false (use high security - no unsafe embeds or objects)
        #content.cleaner.default.low.security=true

      Overrides:
      ${sakai.home}/antisamy/high-security-policy.xml
      ${sakai.home}/antisamy/low-security-policy.xml

        Gliffy Diagrams

          Attachments

          1. antisamy.xml
            77 kB
          2. KNL-1015_2.patch.txt
            0.8 kB
          3. KNL-1015.patch.txt
            199 kB

            Issue Links

              Activity

                People

                • Assignee:
                  aaronz Aaron Zeckoski (Inactive)
                  Reporter:
                  maintenanceteam Core Team
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  9 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Git Source Code