mirror/notebook
2
0
Fork 0
mirror of https://github.com/jupyter/notebook.git synced 2025-02-05 12:19:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
4,031 Commits 22 Branches 1,049 Tags 79 MiB
d4780c2cfc
Commit Graph

1569 Commits

Author SHA1 Message Date
MinRK
d4780c2cfc remove security.is_safe 2014-03-03 16:10:20 -08:00
MinRK
d59e44a190 default to allow_css = false 2014-03-03 16:10:20 -08:00
MinRK
4d35660f3c sanitize CSS 
rather than removing it entirely
 2014-03-03 16:10:19 -08:00
MinRK
d7b1e8b45b test style 2014-03-03 16:10:19 -08:00
MinRK
5f7f1c51ec remove unused security warning 2014-03-03 16:10:19 -08:00
MinRK
c49f04545a don't use result.safe to communicate incomplete information 2014-03-03 16:10:19 -08:00
MinRK
028ce17c62 fix tagName comparison 2014-03-03 16:10:19 -08:00
MinRK
a7dc526b2b testing for sanitize 2014-03-03 16:10:18 -08:00
MinRK
3897b1c39f don't populate sanitized.safe by default 
since it's potentially expensive.

walk nodes in is_safe
 2014-03-03 16:10:18 -08:00
MinRK
6384502e47 sanitize untrusted HTML output 
rather than checking is_safe
 2014-03-03 16:10:18 -08:00
MinRK
3d0957c7bc trust latex 
If mathjax is insecure, we have big problems.
And we already trust mathjax in markdown cells,
so this is consistent.
 2014-03-03 16:10:18 -08:00
MinRK
4b01948200 check trust of data-attributes in sanitization 2014-03-03 16:10:18 -08:00
MinRK
367b4f85c2 wrap caja.sanitizeAttribs to trust data-* attributes 2014-03-03 16:10:17 -08:00
MinRK
c298670a4b use html-sanitizer instead of html-css 
always scrub css (for now)
 2014-03-03 16:10:17 -08:00
MinRK
eec5d427a4 add cmp_tree, in case caja log can't be trusted 
(spoiler: it can't)
 2014-03-03 16:10:17 -08:00
MinRK
0da66543a0 move security js test 2014-03-03 16:10:17 -08:00
MinRK
890c0be1dd always sanitize markdown 
don't check if it's safe or not
 2014-03-03 16:10:17 -08:00
MinRK
2a0451fdde use google-caja for sanitization 2014-03-03 16:06:41 -08:00
Brian E. Granger
07cdb1e195 Adding first round of security tests of is_safe. 2014-03-03 16:06:41 -08:00
Brian E. Granger
3b262912a1 Display safe HTML+SVG even if untrusted, but don't set trusted=1. 2014-03-03 16:06:40 -08:00
Brian E. Granger
31c9e08fa8 Don't render insecure Markdown and show warning. 2014-03-03 16:06:40 -08:00
Brian E. Granger
fa3f998295 Adding security.js with 1st attempt at is_safe. 2014-03-03 16:06:40 -08:00
Thomas Kluyver
9c5f9e3a35 Merge pull request #5265 from ellisonbg/timeout-error 
Missing class def for TimeoutError
 2014-03-03 15:16:21 -08:00
Brian E. Granger
c6ddfbd0bf Merge pull request #5267 from minrk/normalize-paths 
normalize unicode in notebook API tests
 2014-03-03 15:04:19 -08:00
Brian E. Granger
b1c87debde Adding comment about this fix. 2014-03-03 14:50:06 -08:00
MinRK
052955a84a normalize unicode in notebook API tests 
was failing comparison on OS X
 2014-03-03 14:33:45 -08:00
Brian E. Granger
dd55efc45d Missing class def for TimeoutError. 2014-03-03 13:55:00 -08:00
Brian E. Granger
92967c0baf Addressing things in completer.js. 2014-03-03 13:20:32 -08:00
Brian E. Granger
af7dd15181 Removing old keyboard handling from IPython.utils. 2014-03-03 13:13:50 -08:00
Brian E. Granger
929f5bc8ea Fixing references to IPython.keycodes. 2014-03-03 13:10:18 -08:00
Brian E. Granger
c76ab1d836 Adding basic tests for keyboard.js 2014-03-03 13:10:17 -08:00
Brian E. Granger
ec6ea72873 Adding utility functions. 2014-03-03 13:10:17 -08:00
Brian E. Granger
ff1492f8c9 Creating new base/js/keyboard.js 2014-03-03 13:10:17 -08:00
Jonathan Frederic
ede116bee7 Get cell after first conditional 2014-03-03 11:35:15 -08:00
Jonathan Frederic
479bc6b37a Check down too. 2014-03-03 11:33:58 -08:00
Jonathan Frederic
bebe51c158 Don't allow edit mode up arrow to continue past index == 0 2014-03-03 11:27:58 -08:00
Brian E. Granger
8c5b32c987 Merge pull request #5223 from minrk/tiny-images 
use on-load event to trigger resizable images
 2014-03-03 10:35:42 -08:00
Min RK
fa6bbe66f3 Merge pull request #5153 from takluyver/dashboard-sorting 
Dashboard sorting

closes #5151
closes #5152
 2014-03-02 17:40:38 -08:00
Matthias BUSSONNIER
a01c112b0f allow custom headers on all pages 2014-03-01 09:43:27 +01:00
MinRK
15fac2c1d6 make input_area css generic to cells 
removes otherwise-identical text_cell_input class in text cells
 2014-02-28 16:52:00 -08:00
MinRK
983271a36f use on-load event to trigger resizable images 
instead of timeout, which could get incorrect size information.

closes #5219
 2014-02-28 16:46:55 -08:00
Brian E. Granger
88460cd212 Merge pull request #5175 from jdfreder/html-take2 
Audit .html() calls take #2
 2014-02-28 15:56:12 -08:00
Brian E. Granger
88fc1a0737 Merge pull request #5146 from jdfreder/modal-fix 
Dual mode bug fixes.
 2014-02-28 15:54:41 -08:00
Jonathan Frederic
39d39d0ea6 s/trigger_edit_mode/edit_mode 2014-02-28 15:52:28 -08:00
Jonathan Frederic
c41fe67da2 Re-added removed refresh 2014-02-28 15:22:30 -08:00
Jonathan Frederic
3bcee30e8c Added comments to kbm and shrunk focus_cell lines 2014-02-28 15:11:21 -08:00
Jonathan Frederic
69e760841a Move should cancel blur into codecell 2014-02-28 15:06:47 -08:00
Jonathan Frederic
4fdc99e111 Remove notebook load log succes 2014-02-28 15:03:27 -08:00
Jonathan Frederic
a6f883d7f2 Couple of whiteboard logic implementation misses 2014-02-28 14:30:06 -08:00
Jonathan Frederic
9451589e38 implemented whiteboard logic 2014-02-28 14:18:56 -08:00