mirror/notebook
2
0
Fork 0
mirror of https://github.com/jupyter/notebook.git synced 2025-01-12 11:45:38 +08:00
Code Issues Packages Projects Releases Wiki Activity
4,317 Commits 20 Branches 1,036 Tags 78 MiB
b976986e8d
Commit Graph

4317 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
MinRK
156207ab41 don't forget to install caja 2014-03-03 16:10:21 -08:00
MinRK
aaefc5f296 remove warning for stripped output 2014-03-03 16:10:21 -08:00
MinRK
b5c8a51331 disable trust notebook menu item on trusted notebooks 2014-03-03 16:10:20 -08:00
MinRK
c9c23cd71c cleanup test_nbmanager 
use class setUp / teardown instead of the same context manager in every test
 2014-03-03 16:10:20 -08:00
MinRK
1ae689f30c Add Trust Notebook to File menu 2014-03-03 16:10:20 -08:00
MinRK
46665483ed remove struct-returning sanitize 
only keep str-str sanitization
 2014-03-03 16:10:20 -08:00
MinRK
d4780c2cfc remove security.is_safe 2014-03-03 16:10:20 -08:00
MinRK
d59e44a190 default to allow_css = false 2014-03-03 16:10:20 -08:00
MinRK
4d35660f3c sanitize CSS 
rather than removing it entirely
 2014-03-03 16:10:19 -08:00
MinRK
d7b1e8b45b test style 2014-03-03 16:10:19 -08:00
MinRK
5f7f1c51ec remove unused security warning 2014-03-03 16:10:19 -08:00
MinRK
c49f04545a don't use result.safe to communicate incomplete information 2014-03-03 16:10:19 -08:00
MinRK
028ce17c62 fix tagName comparison 2014-03-03 16:10:19 -08:00
MinRK
a7dc526b2b testing for sanitize 2014-03-03 16:10:18 -08:00
MinRK
3897b1c39f don't populate sanitized.safe by default 
since it's potentially expensive.

walk nodes in is_safe
 2014-03-03 16:10:18 -08:00
MinRK
6384502e47 sanitize untrusted HTML output 
rather than checking is_safe
 2014-03-03 16:10:18 -08:00
MinRK
3d0957c7bc trust latex 
If mathjax is insecure, we have big problems.
And we already trust mathjax in markdown cells,
so this is consistent.
 2014-03-03 16:10:18 -08:00
MinRK
4b01948200 check trust of data-attributes in sanitization 2014-03-03 16:10:18 -08:00
MinRK
367b4f85c2 wrap caja.sanitizeAttribs to trust data-* attributes 2014-03-03 16:10:17 -08:00
MinRK
c298670a4b use html-sanitizer instead of html-css 
always scrub css (for now)
 2014-03-03 16:10:17 -08:00
MinRK
eec5d427a4 add cmp_tree, in case caja log can't be trusted 
(spoiler: it can't)
 2014-03-03 16:10:17 -08:00
MinRK
0da66543a0 move security js test 2014-03-03 16:10:17 -08:00
MinRK
890c0be1dd always sanitize markdown 
don't check if it's safe or not
 2014-03-03 16:10:17 -08:00
MinRK
2a0451fdde use google-caja for sanitization 2014-03-03 16:06:41 -08:00
Brian E. Granger
07cdb1e195 Adding first round of security tests of is_safe. 2014-03-03 16:06:41 -08:00
Brian E. Granger
3b262912a1 Display safe HTML+SVG even if untrusted, but don't set trusted=1. 2014-03-03 16:06:40 -08:00
Brian E. Granger
31c9e08fa8 Don't render insecure Markdown and show warning. 2014-03-03 16:06:40 -08:00
Brian E. Granger
fa3f998295 Adding security.js with 1st attempt at is_safe. 2014-03-03 16:06:40 -08:00
Brian E. Granger
6f4263dc74 Removing conditionals that are not needed. 2014-03-03 16:03:06 -08:00
Paul Ivanov
6c8cccf9e3 fix test suite 
is_hidden expects the file to actually exist, so I've rearranged the
logic such that is_hidden is called only after it's clear that the file
exists.
 2014-03-03 16:02:07 -08:00
Brian E. Granger
e374ca5ebb Refactoring Notebook.command_mode. 2014-03-03 15:32:05 -08:00
Thomas Kluyver
9c5f9e3a35 Merge pull request #5265 from ellisonbg/timeout-error 
Missing class def for TimeoutError
 2014-03-03 15:16:21 -08:00
Brian E. Granger
c6ddfbd0bf Merge pull request #5267 from minrk/normalize-paths 
normalize unicode in notebook API tests
 2014-03-03 15:04:19 -08:00
Min RK
41a35531e6 Merge pull request #5076 from ellisonbg/keyboard 
Refactor keyboard handling
 2014-03-03 14:54:52 -08:00
Brian E. Granger
b1c87debde Adding comment about this fix. 2014-03-03 14:50:06 -08:00
MinRK
052955a84a normalize unicode in notebook API tests 
was failing comparison on OS X
 2014-03-03 14:33:45 -08:00
Brian E. Granger
dd55efc45d Missing class def for TimeoutError. 2014-03-03 13:55:00 -08:00
Brian E. Granger
92967c0baf Addressing things in completer.js. 2014-03-03 13:20:32 -08:00
Brian E. Granger
af7dd15181 Removing old keyboard handling from IPython.utils. 2014-03-03 13:13:50 -08:00
Brian E. Granger
929f5bc8ea Fixing references to IPython.keycodes. 2014-03-03 13:10:18 -08:00
Brian E. Granger
c76ab1d836 Adding basic tests for keyboard.js 2014-03-03 13:10:17 -08:00
Brian E. Granger
ec6ea72873 Adding utility functions. 2014-03-03 13:10:17 -08:00
Brian E. Granger
ff1492f8c9 Creating new base/js/keyboard.js 2014-03-03 13:10:17 -08:00
Paul Ivanov
d6f2dfefea log refusal to serve hidden files dirs 2014-03-03 12:35:37 -08:00
Thomas Kluyver
78943c7258 Add mock to requirements for testing 2014-03-03 12:30:47 -08:00
Brian E. Granger
e5d83b3061 Merge pull request #5261 from jdfreder/more-dual-mode 
Don't allow edit mode up arrow to continue past index == 0
 2014-03-03 11:38:21 -08:00
Jonathan Frederic
ede116bee7 Get cell after first conditional 2014-03-03 11:35:15 -08:00
Jonathan Frederic
479bc6b37a Check down too. 2014-03-03 11:33:58 -08:00
Jonathan Frederic
bebe51c158 Don't allow edit mode up arrow to continue past index == 0 2014-03-03 11:27:58 -08:00
Paul Ivanov
1ce7d5ec80 tour: put the right arrow on the right side 2014-03-03 11:06:54 -08:00