[IPython-dev] Notebook CodeCell for editing and executing javascript

Nissim Karpenstein nissimk@gmail....
Mon Dec 31 11:02:49 CST 2012


Syntax highlight changing for the %%language cells sounds closer to what I
was thinking of.

Can you guys explain to me the security concerns?  There are several
JS+CSS+HTML web based editors which execute your code in your browser, like
JSFiddle and JSBin.  http://jsfiddle.net and http://jsbin.com .  Wouldn't
allowing arbitrary users to execute python code on your server be much more
of a security risk than allowing arbitrary javascript code to run in the
browser?  Doesn't the browser provide some security by segmenting resources
by origin so any javascript code executed by the notebook will not be able
to access resources stored by other sites?  I suppose javascript in the
notebook could be used to crash the browser, or to make the browser send
too many requests to some server, but could it really access user's data?
 Do you mean something else by your security concerns?  Is the notebook
storing sensitive data in the browser's local storage or cookies?

I did find this thing, but it really sounds like overkill to me for a
programmer's tool: https://developers.google.com/caja/docs/about/




On Mon, Dec 31, 2012 at 11:17 AM, Jason Grout
<jason-sage@creativetrax.com>wrote:

> On 12/29/12 11:29 AM, Brian Granger wrote:
> > We don't want to allow notebooks that mix different languages at the
> > CodeCell level.
>
> Of course, cell magics alleviate this restriction, as we can right now
> do %%r, %%cython, etc., to effectively get different languages in
> different cells.
>
> I don't see why we can't have a %%javascript that then just echoes the
> javascript back to the browser to execute.  What would be cool is for
> the syntax highlighting to also change if the cell detects that it is a
> %%r cell, etc.
>
> Thanks,
>
> Jason
>
> _______________________________________________
> IPython-dev mailing list
> IPython-dev@scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.scipy.org/pipermail/ipython-dev/attachments/20121231/f2ab070e/attachment.html 


More information about the IPython-dev mailing list