Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-44168

AntiSamy is filtering ContentItem Embeds

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Verified
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 20.1, 21.0 [Tentative]
    • Fix Version/s: 21.0 [Tentative]
    • Component/s: BasicLTI, Kernel
    • Labels:
      None
    • Test Plan:
      Hide
      1. Using the RTE embed a content item
      2. After saving there should not be a UI error saying content was sanitized
      3. The Content Item should be visible in the iframe
      4. Edit it again clicking source should show the iframe and the src attribute should not be missing.
      Show
      Using the RTE embed a content item After saving there should not be a UI error saying content was sanitized The Content Item should be visible in the iframe Edit it again clicking source should show the iframe and the src attribute should not be missing.

      Description

      When using the Rich Text Editor and selecting a ContentItem it will embed an iframe which when saved AntiSamy then filters and removes the "src" attribute because the local service is not white listed.

      This change will automatically add the sakai server url as a group matcher to the flashSites antisamy regexp that is responsible for filtering the iframe "src" attribute.

      Essentially we are trusting our own service will not be delivering evil iframes!

        Gliffy Diagrams

          Zeplin

            Attachments

              Activity

                People

                Assignee:
                ern Earle R Nietzel
                Reporter:
                ern Earle R Nietzel
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    Git Integration