scripts/mir-setup/README: update with link to new doc on wiki

[mir.git] / source / default.properties

diff --git a/source/default.properties b/source/default.properties
index 91abb4f..739f8cc 100755 (executable)
--- a/source/default.properties
+++ b/source/default.properties
@@ -78,7 +78,7 @@ AccessControl.LockingOptional = 1
 
 # the templates
 Mir.Localizer.Producer.GeneratorLibrary= default=freemarker(etc/producer/)
-Mir.Localizer.Admin.GeneratorLibrary= default=freemarker(templates/admin/),preview=freemarker(etc/producer)
+Mir.Localizer.Admin.GeneratorLibrary= default=freemarker(templates/admin/),preview=freemarker(etc/producer),local=freemarker(etc/admin)
 Mir.Localizer.OpenPosting.GeneratorLibrary= default=freemarker(etc/open/)
 
 # Should an XSS preventing interceptor be used by the producer subsystem?
@@ -216,9 +216,6 @@ Producer.RealMedia.Host=rtsp://some.media.server/somedir/
 # absolute directory, where the images are saved
 Producer.Image.Path=/pub/Dokumente/Indymedia/de-tech/Mir/produced/images/
 
-# should images be resized?
-Producer.Image.ScaleImages=0
-
 # absolute directory where image originals are saved if image resizing is enabled
 # this can be ignored if image scaling is not being used
 #
@@ -448,6 +445,15 @@ Localizer.OpenSession.email.DoneTemplate =/sent_mail.template
 
 Localizer.HTML.Whitelist=a;img;h1;h2;h3;h4;h5;h6;br;form;input;hr;strong;font;b;i;em;p;table;tr;td;th;ul;ol;li
 
+Localizer.HTML.BadAttributeValuePrefixes=javascript;vbscript;about;wysiwyg;data;view-source;ms-its;mhtml;shell;lynxexec;lynxcgi;hcp;ms-help;help;disk;vnd.ms.radio;opera;res;resource;chrome;mocha;livescript
+
+Localizer.HTML.BadAttributes=onabort;onblur;onchange;onclick;ondblclick;onerror;onfocus;onkeydown;onKeypress;onkeyup;onload;onmousedown;onmousemove;onmouseout;onmouseover;onmouseup;onreset;onselect;onsubmit;onunload;onload;onclick;onfocus;onblur;FSCommand;onAbort;onActivate;onAfterPrint;onAfterUpdate;onBeforeActivate;onBeforeCopy;onBeforeCut;onBeforeDeactivate;onBeforeEditFocus;onBeforePaste;onBeforePrint;onBeforeUnload;onBegin;onBlur;onBounce;onCellChange;onChange;onClick;onContextMenu;onControlSelect;onCopy;onCut;onDataAvailible;onDataSetChanged;onDataSetComplete;onDblClick;onDeactivate;onDrag;onDragEnd;onDragLeave;onDragEnter;onDragOver;onDragDrop;onDrop;onEnd;onError;onErrorUpdate;onExit;onFilterChange;onFinish;onFocus;onFocusIn;onFocusOut;onHelp;onKeyDown;onKeyPress;onKeyUp;onLayoutComplete;onLoad;onLoseCapture;onMediaComplete;onMediaError;onMouseDown;onMouseEnter;onMouseLeave;onMouseMove;onMouseOut;onMouseOver;onMouseUp;onMouseWheel;onMove;onMoveEnd;onMoveStart;onOutOfSync;onPaste;onPause;onProgress;onPropertyChange;onReadyStateChange;onRepeat;onReset;onResize;onResizeEnd;onResizeStart;onResume;onReverse;onRowEnter;onRowExit;onRowDelete;onRowInserted;onScroll;onSeek;onSelect;onSelectionChange;onSelectStart;onStart;onStop;onSynchRestored;onSubmit;onTimeError;onTrackChange;onUnload;onURLFlip;seekSegmentTime;style;height;width
+
+# don't let external content get loaded
+Localizer.HTML.KillWebBugs=0
+Localizer.HTML.ExternalLocationAttributeValuePrefixes=http://;https://;ftp://;gopher://
+Localizer.HTML.WhitelistedExternalLocationAttributeValuePrefixes=http://media.de.indymedia.org/;https://media.de.indymedia.org/
+
 
 #
 # config used for OpenIndy