I would like to modify a deployed installation of Sakai to allow iframes from several on-campus media servers. An example of an iframe is https://mediaserver.example.edu/p/player.html. What is the easiest way to edit the policy files in the deployed Tomcat?
How do I modify the Sakai installation's AntiSamy policy files?
903 Views Asked by samottenhoff At
1
There are 1 best solutions below
Related Questions in SAKAI
- Sakai google analytics - real time not working
- Sakai and multiple domain
- Sakai 11.3 Build in Virtual Box What is the gateway?
- Are there any popular course management system like Moodle?
- javax.faces.FacesException: Error performing conversion of value
- how to run sakai custom tool from maven
- How to deploy own files from maven
- Sakai Site page tools alignment
- I need to add a some more rules on textarea tag from low-security-policy in ashai to antisamy project
- Tomcat will not start after deploying sakai from source
- how to build and deploy sakai cle 2.9.x in eclipse
- No bean named 'org.sakaiproject.logic.SakaiProxy' is defined
- where is the mistake about this command?
- when i install ojdbc6.jar,i got this error,i don't know how to resolve it
- i want to build the developing environment of sakai oae on windows 7,but i don't know how to do it?
Related Questions in ANTISAMY
- How to sanitize form values to allow text-only
- AntiSamy, Cannot find reference for java.io.CharArrayReader
- Antisamy Java regex url does not accept pound or hash sign
- Updating policy file with html5 and css3
- JBoss AS 7: Error when use xml-apis.jar
- YouTube URL - regex
- How to include all the elements in PolicyBuilder in OWASP Java HTML Sanitizer
- Anti-samy code will avoid the onclick in anchor link
- Antisamy converting single quotes to double quotes
- AntiSamy for TinyMce style attributes
- NoClassDefFoundError in Tomcat 7
- Antisamy-tinymce removing <img> tag
- How to handle both Json and HTML santization from request parameters?
- How do I modify the Sakai installation's AntiSamy policy files?
- customizing the Antisamy policy xml to allow more html and grails tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Antisamy is an open source API and html scanner and cleaner. Sakai 2.9 or higher uses this as a part of it's security suite to protect users from XSS (Cross Site Scripting) attacks caused by malicious user created markup.
Sakai includes a default set of configurations which are community tested and will likely meet most users needs. These include a low and high security option (high is the default). To force Sakai to use the low security setting you can add a Sakai configuration property as shown below (setting this to false will default to high security):
The primary difference between the high and low settings is the blocking of unknown sites for external content (like vidoes or iframes). High only allows a limited list of trusted sites. Low allows content from any site. Both have extensive rules for protecting against javascript related injection attacks.
The Antisamy configuration files are XML based (see the Antisamy developer guide for more details). The standard high and low security files are located in the Sakai source code under "kernel/sakai-kernel-impl/src/main/resources/antisamy/". These can be used as a basis for a locally customized version. To override the included files, simple place a custom version in the Sakai home directory (typically TOMCAT_HOME/sakai), for example:
For your specific use case, you would probably modify the following section (near the top of the xml file) as indicated in the comment: