[IPython-dev] Scipy central & IPython notebook.
Mon Sep 24 14:55:33 CDT 2012
Le 24 sept. 2012 à 21:31, Jason Grout a écrit :
> On 9/24/12 2:19 PM, Brian Granger wrote:
>>> Certainly not as is !
>>>> or user that **trust** ipython.org
>> I am beginning to think we should remove <script> tags from markdown
>> cells because of this.
> Don't serve user-generated content from ipython.org. Serve
> user-generated content from something like pylab-central.org or
> something. Some time ago, someone (William Stein maybe?) forwarded to
> me a talk from someone at google which said something to the effect that
> taking care of all the vulnerabilities is *hard*, and google finally
> just decided to serve any untrusted content from a different domain.
> (yeah, I know---that chain of hearsay is not extremely inspiring...).
> I'm CCing William in hopes that maybe he was the one that forwarded the
> story and can find it (I've looked but can't find it).
> But the end result was---don't server untrusted material from a trusted
and we would like to allow some kind of integration with github like possibility for users to post comment directly from nbviewer.
But i'm not an expert on web technologies, and i'm sure this problem has been encounters elsewhere and has a solution.
I think html5 sandbox could be a solution, but I haven't found any good resources to clearly understand what could be done.
Still, thanks for the suggestion, i'll see what i can do with difference domains.
More information about the IPython-dev