Ability to embed code/javascript/html

Bug #547902 reported by Mary Cooch
This bug affects 1 person

Affects: Mahara
Status: Confirmed
Importance: Wishlist
Assigned to: Nigel-catalyst
Milestone: (none)

Bug Description

With reference to this forum post http://mahara.org/interaction/forum/topic.php?id=208
it would be nice to be able to embed things such as Vokis in a text page in Mahara. Thanks.

This bug was imported from eduforge.org, see:
https://eduforge.org/tracker/index.php?func=detail&aid=3115&group_id=176&atid=742

Ray Merrill (rmerrill) wrote :

The ability for users to embed code/script within their
views (web pages) is not really practical. Sites like
Facebook and MySpace used to let people do so because it
makes for such a greater experience and capability ...
unfortunately it opens up security and virus concerns that
are not really acceptable, particularly to implementations
that are going to be connected to district and university
databases.

With that said the ability for site, institution, and
certain types of groups to embed javascript within their
views (web pages) is a really good thing, as administrators
can and should be trustworthy to avoid mischief or malicious
activity.

Also, as an alternative, we could follow the same approach
that MySpace and Facebook have in allowing for individuals
and groups to create plugin applications (for Mahara, it
would be plug in blocks). For MySpace and Facebook, such
applications undergo a technical code review to ensure they
are trustworthy.

Scot Aldred (s-aldred) wrote :

I'm with Mary here. Mahara needs to have a greater range of media that can be embedded within a particular view. I use SitePal Avatars, SlideShare slide casts and a range of other embeds that are not supported by Mahara.

Dan Poltawski (dan-poltawski) wrote :

This seems like an opportune moment to say 'sammy is my hero' (http://namb.la/popular/). (sorry).

This is a real tricky issue to 'get right', and unfortunately the rewards for malicious students would be far greater than a million friends ;)

Nigel-catalyst (nigel-catalyst) wrote :

There are some really good points on both sides here.

On one side are the users, who want to be able to copy embed codes from their favourite sites, and have it all just work. These people, whether they know it or not, also don't want their sites to be hacked.

The other side has the system administrators, who don't want their users and servers being compromised. But they bear the brunt of complaints when users can't embed stuff from whatever the latest fashionable site is :)

The current Mahara solution prudently favours the system administrators - nobody wants their servers hacked. But it's clear that this is problematic for users.

Given that we can't control the method by which users want to embed content (pasting in embed codes from other sites), we have to try to find a solution that allows users to embed stuff from "trusted" sites. While the system administrators may have their own definitions of "trusted", the reality is that they shouldn't all be forced to keep up with the latest web 2.0 innovations just to give users this ability.

With all that in mind, I came up with a potential solution: how about if we solve this problem in the same way that antivirus products do?

The list of viruses is ever-changing, yet this doesn't cause system admins to keep up with all of them. Most sysadmins have never even _heard_ of 99.9% of viruses, because the antivirus companies distribute signature files that enable the system to recognise viruses. And we could use this same technique with the HTML filtering software, so that most sites will work on all Mahara installations without much effort from anyone.

What I am proposing is that mahara.org distributes, separately from Mahara, a download containing embedded content HTMLPurifier filters. HTMLPurifier is the name of the filtering software we are using, and it supports having filters to allow certain content. If mahara.org provided this as a download, then people could just grab the new filters from time to time, which would keep them up to date and allow new sites to be added.

This download could be maintained by the community, with people suggesting new filters, others writing them, and mahara.org distributing them. Hell, I'm sure that the Moodle community would be interested too, and maybe even the HTMLPurifier community. If this idea is workable, we could even spin this off to the FOSS community at large to do (or at least the part that cares about HTMLPurifier :).

I think this solution has these benefits:

* Users will be able to embed content from all manner of interesting social networking sites, without being able to embed malicious content most of the time.
* Sysadmins will just have to download the signature file from time to time. Assuming they trust mahara.org to do a good job, this is all they'll have to do to keep their users happy. We can provide an extra level of control for sysadmins to disable filters too, if they don't want to allow e.g. flickr for whatever reason.
* The community at large will have to make the filters, but as they say, many hands make light work :). After a while, the list will be quite comprehensive, with not much input re...

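The "signature file" idea from the comment above, sketched as an added example (not Mahara's or HTMLPurifier's code): each trusted site is one data entry, pasted embed code is only mined for a validated ID, and the markup that reaches the page is regenerated from a fixed template. The hosts `video.example` and `slides.example`, their path patterns, the templates and the `disabled` set (the sysadmin opt-out) are all assumptions made for illustration.

```python
import re
from html import escape
from urllib.parse import urlsplit

# Constructed "signature file": one entry per trusted site. The hosts, path
# patterns and markup templates are illustrative assumptions.
SIGNATURES = {
    "video.example": (
        re.compile(r"/embed/([A-Za-z0-9_-]{6,20})"),
        '<iframe src="https://video.example/embed/{id}" width="480" '
        'height="270" sandbox="allow-scripts"></iframe>',
    ),
    "slides.example": (
        re.compile(r"/deck/([0-9]{1,12})"),
        '<iframe src="https://slides.example/deck/{id}" width="480" '
        'height="400" sandbox="allow-scripts"></iframe>',
    ),
}
URL_ATTR = re.compile(r"""\b(?:src|data|value)\s*=\s*["']([^"']+)["']""", re.I)


def match_signature(url, disabled=frozenset()):
    """Return regenerated markup if url matches an enabled signature."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https") or parts.port or parts.username:
            return None
    except ValueError:  # malformed port or bracketed host
        return None
    if host in disabled or host not in SIGNATURES:
        return None
    path_re, template = SIGNATURES[host]
    found = path_re.fullmatch(parts.path)
    # Only the validated ID is reused; query, fragment and attributes are dropped.
    return template.format(id=found.group(1)) if found else None


def filter_embed(pasted, disabled=frozenset()):
    """Rebuild a trusted embed from scratch, or return the paste as inert text."""
    for url in URL_ATTR.findall(pasted):
        safe = match_signature(url, disabled)
        if safe:
            return safe
    return escape(pasted)


# Constructed sample paste: a trusted player URL plus markup that must not survive.
SAMPLE = ('<iframe src="https://video.example/embed/a1B2c3D4" onload="x()">'
          '</iframe><script src="https://other.test/a.js"></script>')
```

Because the output is built from the template rather than by trimming the paste, updating the list of trusted sites is a data change, and a site an administrator has disabled falls through to the same inert-text path as an unknown one.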

Nigel-catalyst (nigel-catalyst) wrote :

I have posted on the HTMLPurifier forums about this: http://htmlpurifier.org/phorum/read.php?3,2934

Richard Mansfield (richard-mansfield) wrote :

Added a mechanism for installation of new html purifier filters.

Nigel-catalyst (nigel-catalyst) wrote :

Mahara 1.1 has shipped with a few filters implemented this way, but we still have to arrange to have the filter repo and scripts set up.

Nigel-catalyst (nigel-catalyst) wrote :

We should address this after 1.2.
