1598 Commits

Author SHA1 Message Date
Jonathan Frederic
e61b6aef47 Add logic to close tt when cell is unselected 2014-03-10 15:26:04 -07:00
Jonathan Frederic
95492b0f42 Add illusion that cell is in edit mode when complete is up,
even though it is not in focus so it is not in edit mode.
2014-03-10 10:10:06 -07:00
Jonathan Frederic
65732920eb Remove all should cancel blur logic. 2014-03-10 09:46:59 -07:00
Jonathan Frederic
989ae4e1b3 Workaround for Tooltip & completer click focus bug. 2014-03-10 09:28:19 -07:00
Brian E. Granger
1407b4347e Merge pull request #5268 from ellisonbg/cmd-mode
Refactoring Notebook.command_mode
2014-03-06 12:09:43 -08:00
Min RK
aaedd1a311 Merge pull request #5283 from takluyver/widget-del
Remove Widget.closed attribute
2014-03-05 17:16:35 -08:00
Thomas Kluyver
95dc697e3b Remove Widget.closed attribute
Closes gh-5282
2014-03-05 15:34:14 -08:00
MinRK
7d87978a66 fix a typo introduced by a rebased PR
caused heading cells to appear in both rendered and unrendered state
2014-03-05 14:30:34 -08:00
Jonathan Frederic
de9b5b907e Fab CSS 2014-03-05 12:25:26 -08:00
juhasch
72864cc83c append Firefox overflow-x fix 2014-03-05 12:25:11 -08:00
MinRK
3588fe40a9 Merge Security Pull Request: google-caja
Adds HTML sanitization.

The basics:

- untrusted HTML is always sanitized, with no warning
  (there is console logging for changes made)
- markdown is always treated as untrusted
- no warnings for simply excluded output (e.g. Javascript)
- CSS tags and attributes are always stripped from untrusted HTML
- never check whether HTML is "safe," only sanitize
- add 'Trust notebook' to File menu
2014-03-04 17:35:55 -08:00
MinRK
54e1558c16 make trust notebook dialog a single paragraph 2014-03-04 17:35:38 -08:00
MinRK
8cd744db85 mention that Trust triggers reload 2014-03-04 15:58:09 -08:00
MinRK
9396619f9d security.js docstrings 2014-03-04 15:38:11 -08:00
Brian E. Granger
4e0a2ee476 Make sure we are in command mode before we select a new cell. 2014-03-04 15:09:49 -08:00
Brian E. Granger
8d38e042df Merge pull request #5158 from ivanov/fix-5157
log refusal to serve hidden directories
2014-03-04 10:05:29 -08:00
MinRK
d8f2e320f2 trust method docstrings 2014-03-03 16:27:59 -08:00
MinRK
d5b0026cf1 trust via mark cells and save, rather than trust API request 2014-03-03 16:10:21 -08:00
MinRK
e7f3c05d28 remove unused get_attr_names 2014-03-03 16:10:21 -08:00
MinRK
6792d38215 log excluded untrusted output 2014-03-03 16:10:21 -08:00
MinRK
aaefc5f296 remove warning for stripped output 2014-03-03 16:10:21 -08:00
MinRK
b5c8a51331 disable trust notebook menu item on trusted notebooks 2014-03-03 16:10:20 -08:00
MinRK
c9c23cd71c cleanup test_nbmanager
use class setUp / teardown instead of the same context manager in every test
2014-03-03 16:10:20 -08:00
MinRK
1ae689f30c Add Trust Notebook to File menu 2014-03-03 16:10:20 -08:00
MinRK
46665483ed remove struct-returning sanitize
only keep str-str sanitization
2014-03-03 16:10:20 -08:00
MinRK
d4780c2cfc remove security.is_safe 2014-03-03 16:10:20 -08:00
MinRK
d59e44a190 default to allow_css = false 2014-03-03 16:10:20 -08:00
MinRK
4d35660f3c sanitize CSS
rather than removing it entirely
2014-03-03 16:10:19 -08:00
MinRK
d7b1e8b45b test style 2014-03-03 16:10:19 -08:00
MinRK
5f7f1c51ec remove unused security warning 2014-03-03 16:10:19 -08:00
MinRK
c49f04545a don't use result.safe to communicate incomplete information 2014-03-03 16:10:19 -08:00
MinRK
028ce17c62 fix tagName comparison 2014-03-03 16:10:19 -08:00
MinRK
a7dc526b2b testing for sanitize 2014-03-03 16:10:18 -08:00
MinRK
3897b1c39f don't populate sanitized.safe by default
since it's potentially expensive.

walk nodes in is_safe
2014-03-03 16:10:18 -08:00
MinRK
6384502e47 sanitize untrusted HTML output
rather than checking is_safe
2014-03-03 16:10:18 -08:00
MinRK
3d0957c7bc trust latex
If mathjax is insecure, we have big problems.
And we already trust mathjax in markdown cells,
so this is consistent.
2014-03-03 16:10:18 -08:00
MinRK
4b01948200 check trust of data-attributes in sanitization 2014-03-03 16:10:18 -08:00
MinRK
367b4f85c2 wrap caja.sanitizeAttribs to trust data-* attributes 2014-03-03 16:10:17 -08:00
MinRK
c298670a4b use html-sanitizer instead of html-css
always scrub css (for now)
2014-03-03 16:10:17 -08:00
MinRK
eec5d427a4 add cmp_tree, in case caja log can't be trusted
(spoiler: it can't)
2014-03-03 16:10:17 -08:00
MinRK
0da66543a0 move security js test 2014-03-03 16:10:17 -08:00
MinRK
890c0be1dd always sanitize markdown
don't check if it's safe or not
2014-03-03 16:10:17 -08:00
MinRK
2a0451fdde use google-caja for sanitization 2014-03-03 16:06:41 -08:00
Brian E. Granger
07cdb1e195 Adding first round of security tests of is_safe. 2014-03-03 16:06:41 -08:00
Brian E. Granger
3b262912a1 Display safe HTML+SVG even if untrusted, but don't set trusted=1. 2014-03-03 16:06:40 -08:00
Brian E. Granger
31c9e08fa8 Don't render insecure Markdown and show warning. 2014-03-03 16:06:40 -08:00
Brian E. Granger
fa3f998295 Adding security.js with 1st attempt at is_safe. 2014-03-03 16:06:40 -08:00
Brian E. Granger
6f4263dc74 Removing conditionals that are not needed. 2014-03-03 16:03:06 -08:00
Paul Ivanov
6c8cccf9e3 fix test suite
is_hidden expects the file to actually exist, so I've rearranged the
logic such that is_hidden is called only after it's clear that the file
exists.
2014-03-03 16:02:07 -08:00
Brian E. Granger
e374ca5ebb Refactoring Notebook.command_mode. 2014-03-03 15:32:05 -08:00