gharper

Whitelist kaltura or other sites in safeHTML Filter

Blog Post created by gharper on Nov 18, 2019

In order for students to have the ability to add content via an iframe the site needs to be whitelisted in the safeHTML filter.

 

 

 

System Admin > Safe HTML Filters > Safe HTML Filter for Content Editor

 

Download the default policy

 


open it with a text editor and find the line that starts:

 

<tag name="iframe" action="validate">

 

You need to add two things here.

 

Firstly to allow the full screen option add:

 

<attribute name="allowfullscreen">
    <regexp-list>
        <regexp name="anything"/>
    </regexp-list>
</attribute>

 

Then to whitelist your kaltura site or other site add the following under <regexp-list>:

<regexp value="http[s]?://cdnsecakmi.kaltura.com/.*" />

 

 

The policy section will look something like this:

 

........
        <tag name="iframe" action="validate">
            <attribute name="allowfullscreen">
                <regexp-list>
                    <regexp name="anything"/>
                </regexp-list>
            </attribute>
            <attribute name="align" />
            <attribute name="frameborder" />
            <attribute name="height" />
            <attribute name="longdesc" />
            <attribute name="marginheight" />
            <attribute name="marginwidth" />
            <attribute name="name" />
            <attribute name="scrolling" />
            <attribute name="src">
                <regexp-list>
                    <regexp value="http[s]?://cdnsecakmi.kaltura.com/.*" />
                    <regexp value="/webapps/osv-kaltura-[A-Za-z0-9_]+/.*" />
                    <regexp value="/webapps/wvms-bb-[A-Za-z0-9_]+/vtbe_va.*" />
.........


Save the file with a descriptive name like Default_policy_kaltura

 

In the ui navigate back to:

 

System Admin > Safe HTML Filters > Safe HTML Filter for Content Editor

 

Click Upload and browse to the new policy file.
Click submit

 

Then in the context menu next to the name of the new policy click the Activate link.

 

Once this is done a rolling restart of the system will be required for the new policy to propagate to all application servers.

Outcomes