4041 Commits

Author SHA1 Message Date
MinRK
d8f2e320f2 trust method docstrings 2014-03-03 16:27:59 -08:00
MinRK
d5b0026cf1 trust via mark cells and save, rather than trust API request 2014-03-03 16:10:21 -08:00
MinRK
e7f3c05d28 remove unused get_attr_names 2014-03-03 16:10:21 -08:00
MinRK
6792d38215 log excluded untrusted output 2014-03-03 16:10:21 -08:00
MinRK
156207ab41 don't forget to install caja 2014-03-03 16:10:21 -08:00
MinRK
aaefc5f296 remove warning for stripped output 2014-03-03 16:10:21 -08:00
MinRK
b5c8a51331 disable trust notebook menu item on trusted notebooks 2014-03-03 16:10:20 -08:00
MinRK
c9c23cd71c cleanup test_nbmanager
use class setUp / teardown instead of the same context manager in every test
2014-03-03 16:10:20 -08:00
MinRK
1ae689f30c Add Trust Notebook to File menu 2014-03-03 16:10:20 -08:00
MinRK
46665483ed remove struct-returning sanitize
only keep str-str sanitization
2014-03-03 16:10:20 -08:00
MinRK
d4780c2cfc remove security.is_safe 2014-03-03 16:10:20 -08:00
MinRK
d59e44a190 default to allow_css = false 2014-03-03 16:10:20 -08:00
MinRK
4d35660f3c sanitize CSS
rather than removing it entirely
2014-03-03 16:10:19 -08:00
MinRK
d7b1e8b45b test style 2014-03-03 16:10:19 -08:00
MinRK
5f7f1c51ec remove unused security warning 2014-03-03 16:10:19 -08:00
MinRK
c49f04545a don't use result.safe to communicate incomplete information 2014-03-03 16:10:19 -08:00
MinRK
028ce17c62 fix tagName comparison 2014-03-03 16:10:19 -08:00
MinRK
a7dc526b2b testing for sanitize 2014-03-03 16:10:18 -08:00
MinRK
3897b1c39f don't populate sanitized.safe by default
since it's potentially expensive.

walk nodes in is_safe
2014-03-03 16:10:18 -08:00
MinRK
6384502e47 sanitize untrusted HTML output
rather than checking is_safe
2014-03-03 16:10:18 -08:00
MinRK
3d0957c7bc trust latex
If mathjax is insecure, we have big problems.
And we already trust mathjax in markdown cells,
so this is consistent.
2014-03-03 16:10:18 -08:00
MinRK
4b01948200 check trust of data-attributes in sanitization 2014-03-03 16:10:18 -08:00
MinRK
367b4f85c2 wrap caja.sanitizeAttribs to trust data-* attributes 2014-03-03 16:10:17 -08:00
MinRK
c298670a4b use html-sanitizer instead of html-css
always scrub css (for now)
2014-03-03 16:10:17 -08:00
MinRK
eec5d427a4 add cmp_tree, in case caja log can't be trusted
(spoiler: it can't)
2014-03-03 16:10:17 -08:00
MinRK
0da66543a0 move security js test 2014-03-03 16:10:17 -08:00
MinRK
890c0be1dd always sanitize markdown
don't check if it's safe or not
2014-03-03 16:10:17 -08:00
MinRK
2a0451fdde use google-caja for sanitization 2014-03-03 16:06:41 -08:00
Brian E. Granger
07cdb1e195 Adding first round of security tests of is_safe. 2014-03-03 16:06:41 -08:00
Brian E. Granger
3b262912a1 Display safe HTML+SVG even if untrusted, but don't set trusted=1. 2014-03-03 16:06:40 -08:00
Brian E. Granger
31c9e08fa8 Don't render insecure Markdown and show warning. 2014-03-03 16:06:40 -08:00
Brian E. Granger
fa3f998295 Adding security.js with 1st attempt at is_safe. 2014-03-03 16:06:40 -08:00
Thomas Kluyver
9c5f9e3a35 Merge pull request #5265 from ellisonbg/timeout-error
Missing class def for TimeoutError
2014-03-03 15:16:21 -08:00
Brian E. Granger
c6ddfbd0bf Merge pull request #5267 from minrk/normalize-paths
normalize unicode in notebook API tests
2014-03-03 15:04:19 -08:00
Min RK
41a35531e6 Merge pull request #5076 from ellisonbg/keyboard
Refactor keyboard handling
2014-03-03 14:54:52 -08:00
Brian E. Granger
b1c87debde Adding comment about this fix. 2014-03-03 14:50:06 -08:00
MinRK
052955a84a normalize unicode in notebook API tests
was failing comparison on OS X
2014-03-03 14:33:45 -08:00
Brian E. Granger
dd55efc45d Missing class def for TimeoutError. 2014-03-03 13:55:00 -08:00
Brian E. Granger
92967c0baf Addressing things in completer.js. 2014-03-03 13:20:32 -08:00
Brian E. Granger
af7dd15181 Removing old keyboard handling from IPython.utils. 2014-03-03 13:13:50 -08:00
Brian E. Granger
929f5bc8ea Fixing references to IPython.keycodes. 2014-03-03 13:10:18 -08:00
Brian E. Granger
c76ab1d836 Adding basic tests for keyboard.js 2014-03-03 13:10:17 -08:00
Brian E. Granger
ec6ea72873 Adding utility functions. 2014-03-03 13:10:17 -08:00
Brian E. Granger
ff1492f8c9 Creating new base/js/keyboard.js 2014-03-03 13:10:17 -08:00
Brian E. Granger
e5d83b3061 Merge pull request #5261 from jdfreder/more-dual-mode
Don't allow edit mode up arrow to continue past index == 0
2014-03-03 11:38:21 -08:00
Jonathan Frederic
ede116bee7 Get cell after first conditional 2014-03-03 11:35:15 -08:00
Jonathan Frederic
479bc6b37a Check down too. 2014-03-03 11:33:58 -08:00
Jonathan Frederic
bebe51c158 Don't allow edit mode up arrow to continue past index == 0 2014-03-03 11:27:58 -08:00
Brian E. Granger
8c5b32c987 Merge pull request #5223 from minrk/tiny-images
use on-load event to trigger resizable images
2014-03-03 10:35:42 -08:00
Min RK
fa6bbe66f3 Merge pull request #5153 from takluyver/dashboard-sorting
Dashboard sorting

closes #5151
closes #5152
2014-03-02 17:40:38 -08:00