mirror/notebook
2
0
Fork 0
mirror of https://github.com/jupyter/notebook.git synced 2025-03-07 13:07:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
4,123 Commits 25 Branches 1,075 Tags 80 MiB
caee63f413
Commit Graph

3367 Commits

Author SHA1 Message Date
MinRK
4d35660f3c sanitize CSS 
rather than removing it entirely
 2014-03-03 16:10:19 -08:00
MinRK
d7b1e8b45b test style 2014-03-03 16:10:19 -08:00
MinRK
5f7f1c51ec remove unused security warning 2014-03-03 16:10:19 -08:00
MinRK
c49f04545a don't use result.safe to communicate incomplete information 2014-03-03 16:10:19 -08:00
MinRK
028ce17c62 fix tagName comparison 2014-03-03 16:10:19 -08:00
MinRK
a7dc526b2b testing for sanitize 2014-03-03 16:10:18 -08:00
MinRK
3897b1c39f don't populate sanitized.safe by default 
since it's potentially expensive.

walk nodes in is_safe
 2014-03-03 16:10:18 -08:00
MinRK
6384502e47 sanitize untrusted HTML output 
rather than checking is_safe
 2014-03-03 16:10:18 -08:00
MinRK
3d0957c7bc trust latex 
If mathjax is insecure, we have big problems.
And we already trust mathjax in markdown cells,
so this is consistent.
 2014-03-03 16:10:18 -08:00
MinRK
4b01948200 check trust of data-attributes in sanitization 2014-03-03 16:10:18 -08:00
MinRK
367b4f85c2 wrap caja.sanitizeAttribs to trust data-* attributes 2014-03-03 16:10:17 -08:00
MinRK
c298670a4b use html-sanitizer instead of html-css 
always scrub css (for now)
 2014-03-03 16:10:17 -08:00
MinRK
eec5d427a4 add cmp_tree, in case caja log can't be trusted 
(spoiler: it can't)
 2014-03-03 16:10:17 -08:00
MinRK
0da66543a0 move security js test 2014-03-03 16:10:17 -08:00
MinRK
890c0be1dd always sanitize markdown 
don't check if it's safe or not
 2014-03-03 16:10:17 -08:00
MinRK
2a0451fdde use google-caja for sanitization 2014-03-03 16:06:41 -08:00
Brian E. Granger
07cdb1e195 Adding first round of security tests of is_safe. 2014-03-03 16:06:41 -08:00
Brian E. Granger
3b262912a1 Display safe HTML+SVG even if untrusted, but don't set trusted=1. 2014-03-03 16:06:40 -08:00
Brian E. Granger
31c9e08fa8 Don't render insecure Markdown and show warning. 2014-03-03 16:06:40 -08:00
Brian E. Granger
fa3f998295 Adding security.js with 1st attempt at is_safe. 2014-03-03 16:06:40 -08:00
Brian E. Granger
6f4263dc74 Removing conditionals that are not needed. 2014-03-03 16:03:06 -08:00
Paul Ivanov
6c8cccf9e3 fix test suite 
is_hidden expects the file to actually exist, so I've rearranged the
logic such that is_hidden is called only after it's clear that the file
exists.
 2014-03-03 16:02:07 -08:00
Brian E. Granger
e374ca5ebb Refactoring Notebook.command_mode. 2014-03-03 15:32:05 -08:00
Thomas Kluyver
9c5f9e3a35 Merge pull request #5265 from ellisonbg/timeout-error 
Missing class def for TimeoutError
 2014-03-03 15:16:21 -08:00
Brian E. Granger
c6ddfbd0bf Merge pull request #5267 from minrk/normalize-paths 
normalize unicode in notebook API tests
 2014-03-03 15:04:19 -08:00
Brian E. Granger
b1c87debde Adding comment about this fix. 2014-03-03 14:50:06 -08:00
MinRK
052955a84a normalize unicode in notebook API tests 
was failing comparison on OS X
 2014-03-03 14:33:45 -08:00
Brian E. Granger
dd55efc45d Missing class def for TimeoutError. 2014-03-03 13:55:00 -08:00
Brian E. Granger
92967c0baf Addressing things in completer.js. 2014-03-03 13:20:32 -08:00
Brian E. Granger
af7dd15181 Removing old keyboard handling from IPython.utils. 2014-03-03 13:13:50 -08:00
Brian E. Granger
929f5bc8ea Fixing references to IPython.keycodes. 2014-03-03 13:10:18 -08:00
Brian E. Granger
c76ab1d836 Adding basic tests for keyboard.js 2014-03-03 13:10:17 -08:00
Brian E. Granger
ec6ea72873 Adding utility functions. 2014-03-03 13:10:17 -08:00
Brian E. Granger
ff1492f8c9 Creating new base/js/keyboard.js 2014-03-03 13:10:17 -08:00
Paul Ivanov
d6f2dfefea log refusal to serve hidden files dirs 2014-03-03 12:35:37 -08:00
Jonathan Frederic
ede116bee7 Get cell after first conditional 2014-03-03 11:35:15 -08:00
Jonathan Frederic
479bc6b37a Check down too. 2014-03-03 11:33:58 -08:00
Jonathan Frederic
bebe51c158 Don't allow edit mode up arrow to continue past index == 0 2014-03-03 11:27:58 -08:00
Paul Ivanov
1ce7d5ec80 tour: put the right arrow on the right side 2014-03-03 11:06:54 -08:00
Brian E. Granger
8c5b32c987 Merge pull request #5223 from minrk/tiny-images 
use on-load event to trigger resizable images
 2014-03-03 10:35:42 -08:00
Min RK
fa6bbe66f3 Merge pull request #5153 from takluyver/dashboard-sorting 
Dashboard sorting

closes #5151
closes #5152
 2014-03-02 17:40:38 -08:00
Paul Ivanov
6d0d34d7ed entering edit mode now requires focus_cell 2014-03-01 01:23:34 -08:00
Matthias BUSSONNIER
a01c112b0f allow custom headers on all pages 2014-03-01 09:43:27 +01:00
Paul Ivanov
bdbf2fe9d5 more robust forward and back tour transitions 2014-03-01 00:12:59 -08:00
Paul Ivanov
ccf6128962 addressing Fernando's feedback 2014-02-28 23:41:20 -08:00
Paul Ivanov
431c4dfeb6 correct instructions for updating components 2014-02-28 20:04:22 -08:00
Paul Ivanov
95bd36be10 don't automatically advance the tour 2014-02-28 20:04:22 -08:00
Paul Ivanov
9d1595aebb more refinement of the tour contents 2014-02-28 20:04:22 -08:00
Paul Ivanov
405017875e tidy up and add to the tour 
@takluyver found some typos which I fixed now
 2014-02-28 20:04:22 -08:00
Paul Ivanov
d11d9b4830 tidying up the tour explanation of modes 2014-02-28 20:04:22 -08:00
Paul Ivanov
3a43d776c2 End tour via 'x' in upper right corner of window 2014-02-28 20:04:22 -08:00
Paul Ivanov
1ee52fcbbc pause/play buttons for starting/stopping the tour 2014-02-28 20:04:22 -08:00
Paul Ivanov
5725bf80f5 use minified tour 2014-02-28 20:04:22 -08:00
Paul Ivanov
600facc92d allow tour restarting 2014-02-28 20:04:21 -08:00
Paul Ivanov
abe4732aa0 fix typo in tour.js 2014-02-28 20:04:21 -08:00
Paul Ivanov
5fead3cdd7 starting the tour from the menu works now 
JavaScript makes me fond of this phrase:

  When there's nothing left to burn, you have to set yourself on fire.
 2014-02-28 20:03:47 -08:00
Paul Ivanov
d7b569390f more work on the tour 2014-02-28 20:03:46 -08:00
Paul Ivanov
a765132684 add the tour to the page 2014-02-28 20:03:46 -08:00
Paul Ivanov
52766703b4 fix typo for the location of bower.json 2014-02-28 20:01:48 -08:00
Paul Ivanov
3cf601b58e initial bootstrap tour 
One way to get it to play currently is with a cell like this:

    %%javascript
    $.getScript('/static/notebook/js/tour.js')

provided that you have Bootstrap Tour installed in the components
 2014-02-28 20:01:48 -08:00
Min RK
a9a0c71f75 Merge pull request #5244 from minrk/test-ipc 
try to avoid EADDRINUSE errors on travis
 2014-02-28 17:30:15 -08:00
MinRK
15fac2c1d6 make input_area css generic to cells 
removes otherwise-identical text_cell_input class in text cells
 2014-02-28 16:52:00 -08:00
MinRK
983271a36f use on-load event to trigger resizable images 
instead of timeout, which could get incorrect size information.

closes #5219
 2014-02-28 16:46:55 -08:00
Brian E. Granger
88460cd212 Merge pull request #5175 from jdfreder/html-take2 
Audit .html() calls take #2
 2014-02-28 15:56:12 -08:00
Brian E. Granger
88fc1a0737 Merge pull request #5146 from jdfreder/modal-fix 
Dual mode bug fixes.
 2014-02-28 15:54:41 -08:00
Jonathan Frederic
39d39d0ea6 s/trigger_edit_mode/edit_mode 2014-02-28 15:52:28 -08:00
Jonathan Frederic
c41fe67da2 Re-added removed refresh 2014-02-28 15:22:30 -08:00
Jonathan Frederic
3bcee30e8c Added comments to kbm and shrunk focus_cell lines 2014-02-28 15:11:21 -08:00
Jonathan Frederic
69e760841a Move should cancel blur into codecell 2014-02-28 15:06:47 -08:00
Jonathan Frederic
4fdc99e111 Remove notebook load log succes 2014-02-28 15:03:27 -08:00
Jonathan Frederic
a6f883d7f2 Couple of whiteboard logic implementation misses 2014-02-28 14:30:06 -08:00
Jonathan Frederic
9451589e38 implemented whiteboard logic 2014-02-28 14:18:56 -08:00
Jonathan Frederic
673577cf6c Merge pull request #5207 from Zaharid/childfireevent 
Children fire event
 2014-02-28 13:47:21 -08:00
MinRK
22486461f3 use ipc for notebook js tests 
on linux only

This ought to prevent EADDRINUSE errors in the kernel.
 2014-02-28 12:50:53 -08:00
Thomas Kluyver
8c1c18461c Fix a couple of static analysis warnings 2014-02-28 11:38:28 -08:00
Thomas Kluyver
3698563794 Make hidden directories configurable 2014-02-28 11:37:26 -08:00
Thomas Kluyver
c75d4e9962 Don't attempt locale-aware sorting for now. 
On Python 2, locale.strxfrm() can't handle unicode.
 2014-02-28 11:35:49 -08:00
Thomas Kluyver
4fe9f8d057 Case insensitive sorting in the dashboard. 
Closes gh-5151
 2014-02-28 11:35:04 -08:00
Thomas Kluyver
c1e8ddc64e Hide directories beginning with _ from the dashboard. 
Closes gh-5152
 2014-02-28 11:31:58 -08:00
Paul Ivanov
f8ab13b675 Merge pull request #5215 from ivanov/running-kernels 
Dashboard "Running" Tab
 2014-02-27 19:57:50 -08:00
Paul Ivanov
938f4bdfc4 small whitespace cleanup, renamed drag_info 
in the dashboard, I've renamed drag_info to notebook_list_info, so
applying style to notebook_list_info and running_list_info can be done
in one place.
 2014-02-27 19:36:42 -08:00
Min RK
1ff8d9153a Merge pull request #5239 from takluyver/coverage-exclude-tests 
Fix exclusion of tests directories from coverage reports
 2014-02-27 18:30:22 -08:00
Paul Ivanov
eb4e674598 remove redundant checks in code 2014-02-27 18:13:53 -08:00
Paul Ivanov
14239c01e4 use explicit running header name + jquery's toggle 2014-02-27 17:59:16 -08:00
Thomas Kluyver
40ac479ae1 Merge pull request #5203 from minrk/test-log-warn 
capture some logging/warning output in some tests
 2014-02-27 17:55:29 -08:00
Thomas Kluyver
f8fbd82864 Fix exclusion of tests directories from coverage reports 2014-02-27 17:39:48 -08:00
Jonathan Frederic
0884716a7d Re-added widget textbox blur fix FF 2014-02-27 16:15:11 -08:00
Jonathan Frederic
bfc51c2a29 Final touches? 2014-02-27 16:09:00 -08:00
Jonathan Frederic
c5fb037e41 Reorg index and focus_editor params on edit_mode func 2014-02-27 15:52:05 -08:00
Jonathan Frederic
048ca30b0c Remove fixes that are implemented correct in new CM 2014-02-27 15:47:01 -08:00
Brian E. Granger
e847a31348 Always refresh the CM editor upon TextCell unrender. 2014-02-27 15:45:06 -08:00
Jonathan Frederic
b976804051 Moved edit_mode canceling logic back into cell. 2014-02-27 15:45:06 -08:00
Jonathan Frederic
ff37fb7a36 Standardized comments and removed last logs 2014-02-27 15:45:06 -08:00
Jonathan Frederic
64ae25508d Removed change that is no longer needed 2014-02-27 15:45:06 -08:00
Jonathan Frederic
70086d352f s/unfocus/blur 2014-02-27 15:45:06 -08:00
Jonathan Frederic
c7860d8bc8 Post in person review 
Removed logic for reverse ordered events
Removed almost all of the log statements
Removed list for should unfocus callbacks
Removed all the logic in focus_editor
Only call focus_editor if the keyboard was used to enter edit mode
 2014-02-27 15:45:06 -08:00
Jonathan Frederic
3595c099c2 Fixed rebase problems 2014-02-27 15:45:06 -08:00
Jonathan Frederic
10d79a9102 Added cell unfocus event canceller API 2014-02-27 15:45:05 -08:00
Jonathan Frederic
a6aaa8a886 Use is_focused for element kbman removal event 2014-02-27 15:45:05 -08:00
Jonathan Frederic
6f7c502157 Fixed lots of bugs 
Half overhaul of notebook focus events...
 2014-02-27 15:45:05 -08:00