Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-38502

Replace custom stuff in formattedtext with Antisamy processing

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.9.x
    • Fix Version/s: 2.9.x
    • Component/s: Kernel
    • Labels:
    • Property addition/change required:
      Yes
    • CLE Team Issue:
      Yes
    • Previous Issue Keys:
      KNL-1015

      Description

      Antisamy: https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
      Google code page: http://code.google.com/p/owaspantisamy/

      Need to come back to this work after a hiatus.
      Relates to work in KNL-496

      We should enable antisamy (with the current version) and then switch over FT to use it only.
      Then we have to fix all the tests which stop working.
      Finally, we have to list and deal with the differences in processing.

      Config options:

      1. Force the use of the legacy html content processor (used in versions before and including 2.9),
      2. if this is not overridden then the antisamy html cleaner will be used
      3. Default: false (use AntiSamy)
        #content.cleaner.use.legacy.html=true
      1. Force the user of a lower security profile for content processing and scanning,
      2. if this is not overridden then high security settings are used.
      3. The standard high and low files are located in "kernel/sakai-kernel-impl/src/main/resources/antisamy/"
      4. Override the standard files by placing your own files in:
      5. ${sakai.home}/antisamy/high-security-policy.xml
      6. ${sakai.home}/antisamy/low-security-policy.xml
      7. NOTE: only works if AntiSamy is enabled (see content.cleaner.use.legacy.html)
      8. Default: false (use high security - no unsafe embeds or objects)
        #content.cleaner.default.low.security=true

      Overrides:
      ${sakai.home}/antisamy/high-security-policy.xml
      ${sakai.home}/antisamy/low-security-policy.xml

        Gliffy Diagrams

          Zeplin

            Attachments

            1. antisamy.xml
              77 kB
            2. KNL-1015_2.patch.txt
              0.8 kB
            3. KNL-1015.patch.txt
              199 kB

              Issue Links

                Activity

                  People

                  • Assignee:
                    aaronz Aaron Zeckoski (Inactive)
                    Reporter:
                    maintenanceteam Core Team
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    9 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved:

                      Git Integration