[IPython-dev] [matplotlib-devel] IPython (new) + matplotlib report: happy news

Benjamin Root ben.root@ou....
Tue Sep 14 14:57:26 CDT 2010


On Tue, Sep 14, 2010 at 1:58 PM, Fernando Perez <fperez.net@gmail.com> wrote:

> On Tue, Sep 14, 2010 at 11:48 AM, Anne Archibald
> <aarchiba@physics.mcgill.ca> wrote:
> > On 14 September 2010 11:08, Gökhan Sever <gokhansever@gmail.com> wrote:
> >
> >> 1-) When one downloads a script from the matplotlib gallery via an external
> >> script (name it load_into_ipython or open_with_ipython) the contents of that
> >> gallery script (or any python script) can be executed locally inside an
> >> ipython session.
> >
> > Not to be difficult, but I should point out that allowing users to run
> > code with one click, particularly if that code is from a wiki or other
> > user-submitted gallery, is just asking for trouble. How long before
> > someone submits "import os, shutil;
> > shutil.deltree(os.environ['HOME'])"? Or sneaks it into some otherwise
> > inoffensive script?
>
> Very valid points.  I'm leaning more towards something like a
> combination of (hopefully) a 'copy code' button on the MPL webpages
> themselves, so users don't have to scroll/highlight a lot but would
> still do paste, execute manually, and a special %mplexample magic.
>
> This would only run examples from the mpl gallery (hardcoding the
> path), would display the code to the user first, and would ask for
> confirmation before execution.  Since those html pages are built by
> executing those same scripts, there's a layer of sanity already built
> into it (the rmtree call would have already nuked the builder's home
> directory in the build process if it had been there).  Showing the
> code to the user and confirming execution before proceeding adds a
> final chance for the person to check her parachute before jumping off
> the cliff.
>
> Does that sound reasonable?
>
> >> 2-) Matplotlib gallery might turn to an interactive environment where you
> >> can execute the script from right within your browser and change parameters
> >> in the same browser window. As far as I know mpl figures can now be drawn on
> >> html canvas. This might for sure boost the number of matplotlib audience.
> >
> > Is there a sandboxed browser plugin? Or server plugin, depending on
> > where you run the script?
>
> This would have to be server-side, and code needs to be written.  Part
> of our interest with this explicit separation of ipython kernel and
> clients with a well-defined protocol is to make the above possible.
> But we haven't written any of the code necessary to have a browser
> client, and to serve code read from a sphinx-generated HTML page.
> Gokhan, your patches will be welcome, the infrastructure is now ready
> and waiting for you :)
>
> Cheers,
>
> f
>

Just a crazy idea to consider that would completely bypass this whole
vulnerability issue...

Why not have an examples module that contains function calls to each
example?  On the website, we can show the source code, but also say that one
could just do:

>>> import matplotlib.examples as ex
>>> ex.bars3d_demo()

My 2 cents...

Ben Root
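
The display-then-confirm flow proposed in the quoted message for a %mplexample magic, sketched as an added example that is not part of the original thread and is not IPython or matplotlib code. The names run_gallery_example, example_url and GALLERY_BASE are hypothetical, the base URL is a placeholder, and the download is injected as a callable so the sketch runs offline.

```python
import re

# Assumed placeholder for the hardcoded gallery location (not a real matplotlib URL).
GALLERY_BASE = "https://gallery.example.invalid/examples/"
# Names are limited to a plain identifier so no path or URL can be smuggled in.
_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def example_url(name):
    """Map an example name to its URL under the hardcoded gallery base."""
    if not _NAME_RE.match(name):
        raise ValueError("invalid example name: %r" % (name,))
    return GALLERY_BASE + name + ".py"


def run_gallery_example(name, fetch, confirm=input, show=print, namespace=None):
    """Fetch one gallery script, show it, and execute it only after an explicit yes.

    fetch(url) -> str is supplied by the caller and performs the download.
    Returns True if the code was executed, False if the user declined.
    """
    url = example_url(name)
    source = fetch(url)
    # The user always sees the exact text that would be executed.
    show("# Source of %s\n%s" % (url, source))
    answer = confirm("Execute this code? [y/N] ")
    if answer.strip().lower() not in ("y", "yes"):
        return False  # anything but an explicit yes means no execution
    code = compile(source, url, "exec")
    exec(code, namespace if namespace is not None else {})
    return True


# Constructed sample standing in for a downloaded gallery script.
SAMPLE = "result = sum(range(5))\n"

if __name__ == "__main__":
    ns = {}
    ran = run_gallery_example("bars3d_demo", lambda url: SAMPLE,
                              confirm=lambda prompt: "y", namespace=ns)
    print(ran, ns.get("result"))
```

The confirmation step is a review aid rather than a sandbox: once accepted, the script runs with the user's full privileges.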