...

1. Check out the Simple Content Portlet from Jasig Subversion:

$ svn co https://source.jasig.org/portlets/sandbox/SimpleContentPortlet/trunk SimpleContentPortlet

2. Build the portlet using Maven.

$ cd SimpleContentPortlet
$ mvn clean install

...

In uPortal, this step involves calling the portal's deployPortletApp ant task from the command line. From uPortal's top-level directory:

$ ant deployPortletApp -DportletApp=/path/to/SimpleContentPortlet/target/SimpleContentPortlet.war

...

HTML Validation and Security

...

The Simple Content Management portlet uses OWASP's AntiSamy tool to validate and sanitize HTML input. By default, the portlet ships with a configuration that prevents users from entering JavaScript or other potentially dangerous code.

...

Using JavaScript

While the validation rules for most HTML tags and attributes may be set through manipulating the AntiSamy configuration file, no amount of twiddling will successfully enable AntiSamy to allow the inclusion of JavaScript code. You may optionally allow content publishers to include script elements by disabling the AntiSamy scan.

Important Considerations

Disabling AntiSamy means that any user with publishing rights in your portal will be able to include potentially dangerous code in the portal. Please do not disable HTML validation unless you've carefully reviewed your portal's administrative groups and permissions, have locked down access to the portal's configuration mode, and trust both the judgement and HTML authoring skills of your administrative users.

Before disabling AntiSamy, Jen recommends taking a deep breath while reflecting over the life and times of Little Bobby Tables.

Disabling AntiSamy

AntiSamy may be disabled via a simple portlet preference called "cleanContent". To disable content scanning, simply set "cleanContent" to "false". A sample alternate "Advanced CMS" configuration with content scanning disabled is included at the bottom of the distributed portlet.xml file.
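
The following audit script is an added example, not code from the portlet or from this page's authors. It lists which portlet definitions in a portlet.xml have "cleanContent" set to anything other than "true", so they can be reviewed. It assumes a missing preference leaves scanning on, and it flags every non-"true" value because the page does not document how the value is parsed; the sample descriptor and portlet names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not the distributed portlet.xml).
SAMPLE = """<portlet-app xmlns="http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd" version="2.0">
  <portlet>
    <portlet-name>cms</portlet-name>
  </portlet>
  <portlet>
    <portlet-name>advanced-cms</portlet-name>
    <portlet-preferences>
      <preference><name>cleanContent</name><value>false</value></preference>
    </portlet-preferences>
  </portlet>
  <portlet>
    <portlet-name>legacy-cms</portlet-name>
    <portlet-preferences>
      <preference><name>cleanContent</name><value>off</value></preference>
    </portlet-preferences>
  </portlet>
</portlet-app>"""

def local(tag):
    """Drop the namespace so portlet-app 1.0 and 2.0 descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or None if absent."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_clean_content(xml_text):
    """Map each portlet-name to 'default', 'enabled' or 'REVIEW: <value>'."""
    report = {}
    for portlet in ET.fromstring(xml_text).iter():
        if local(portlet.tag) != "portlet":
            continue
        status = "default"  # assumption: no preference means scanning stays on
        for pref in portlet.iter():
            if local(pref.tag) == "preference" and child_text(pref, "name") == "cleanContent":
                value = child_text(pref, "value") or ""
                # Conservative: anything other than "true" is treated as scanning off.
                status = "enabled" if value.lower() == "true" else f"REVIEW: {value!r}"
        report[child_text(portlet, "portlet-name")] = status
    return report

if __name__ == "__main__":
    for name, status in audit_clean_content(SAMPLE).items():
        print(f"{name:15} {status}")
```

Preferences changed later through the portal's configuration mode are not stored in portlet.xml, so this covers only the deployed descriptor.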

CKEDITOR configuration

In addition to AntiSamy, the editor used (CKEDITOR) does its own filtering and transformation. To disable CKEDITOR's content filtering and rely only on AntiSamy, modify WEB-INF/jsp/configureContent.jsp to set

allowedContent: true;

See https://github.com/Jasig/SimpleContentPortlet/blob/SimpleContentPortlet-1.1.1/src/main/webapp/WEB-INF/jsp/configureContent.jsp#L82

Registering as a uPortal Portlet Publishing Type

In uPortal, the Simple Content Portlet may be registered as a pre-configured portlet publishing type. Registering the portlet in this manner will create a new option in the initial "portlet type" screen of the portlet administration wizard and will pre-configure some of the settings of the portlet. You will need to execute an ant deploy-war to deploy this file to Tomcat.

To register this new portlet type, first create a new directory in the uPortal source tree at uportal-war/src/main/resources/org/jasig/portal/channels/CMS. Copy the file from docs/cpd/cms.cpd in the portlet into this new directory.

Next, import the portlet's .channel file into your portal. From the uPortal base directory:

ant crn-import -Ddir=/path/to/SimpleContentPortlet/docs/import -Dpattern=cms.channel-type