[IPython-dev] D3js and IPython

MinRK benjaminrk@gmail....
Tue Jan 8 18:45:47 CST 2013


On Tue, Jan 8, 2013 at 4:18 PM, Brian Granger <ellisonbg@gmail.com> wrote:

> On Tue, Jan 8, 2013 at 2:09 PM, MinRK <benjaminrk@gmail.com> wrote:
> >
> >
> > On Tue, Jan 8, 2013 at 2:04 PM, Brian Granger <ellisonbg@gmail.com>
> wrote:
> >>
> >> Using the JS Plugins branch, you can use the following model:
> >>
> >> * Write a JS plugin that has all of the javascript code you need - you
> >> can do whatever you want.
> >> * That Js plugin will declare a handler for a particular type of data.
> >> * You can then publish JSON data to that handler using appropriate
> Python
> >> calls.
> >>
> >> You shouldn't ever need to use the existing Javascript object to write
> >> your JS code.
> >
> >
> > I don't think doing away with inline js is remotely feasible.
> > For security reasons, we have to make decisions like:
> >
> > on load, do not run raw js, because it could do terrible things without
> the
> > user being aware.
> >
> > But removing the general ability to run js without installing new files
> on
> > the nb *server* cannot possibly be the long-term solution.
>
> Originally, I (obviously) thought this way.  But, as I have learned
> more about the security vulnerabilities, I have become convinced that
> this is the long term solution.  However, I am open to other solutions
> that 1) completely remove the security risks and 2) don't involve
> significant new complexities, such as requiring multiple domains and
> iframes.  I should also note that I am open to the single user
> notebook preserving this capability - but I am a little hesitant to
> leave it enabled as it will encourage people to write Javascript code
> in this way.
>

I do appreciate the concern, and we need a solution to the issue.
I just don't think we have a complete one yet.
Right now, we have a supremely flexible (and thus insecure) situation,
whereas jsplugins-only is secure, but not remotely flexible from a user's
perspective.

This is an extremely serious incapacitation of the notebook.
The trouble is that jsplugins is a relatively tolerable substitue
for the single-user notebook, but where the problem is worst
is when users don't actually have access to the server
to install jsplugins.  So it's precisely the case where we
would not allow custom js that jsplugins fail most dramatically
as a substitute.

Is it really our intention to require *server* installation of a plugin
for a user to gain access to a new widget? That seems to eliminate a *huge*
portion of exactly what makes the notebook interesting.

If we have a way that js plugins can be loaded at runtime by the user
without access to the server (presumably with a 'do you trust this guy?'
confirmation),
then that would go a long way toward preventing the total castration of the
notebook.


>
> A separate issue is that actually writing Javascript code using the
> old Javascript object is horrifically painful.  Errors get completely
> swallowed and it is nearly impossible to figure out what is going on.
> I think this is why very few people have actually done anything
> significant with the Javascript object we currently have - it just
> doesn't work very well.  On the other hand, developing the JS plugins,
> gives the usual mostly pleasant development experience.
>

This isn't entirely accurate, as errors in js do show up in the notebook.
Just try

%%javascript
a = doesnt_exist

But I do appreciate the pain - I've taken to writing new inline js code in
.js files locally,
just so my editor can help me out, which is similar in practice to
jsplugins and definitely an improvement over typing js in Python strings.


> Cheers,
>
> Brian
>
> >>
> >>
> >> Cheers,
> >>
> >> Brian
> >>
> >>
> >> On Tue, Jan 8, 2013 at 1:11 PM, lecast <martin.zmk@gmail.com> wrote:
> >> > Thx. I will have a look at both the repository and the pull.
> >> >
> >> > Returning Javascript() or HTML() is not exactly what I need. In
> general
> >> > I
> >> > always need  to publish both html and javascript within a function so
> >> > that
> >> > function that would correspond to make_table() from ipy_table creates
> >> > both
> >> > the element and the script that populates that element. But this is
> mute
> >> > here, since I couldn't find a way to copy final elements from the
> window
> >> > and
> >> > saving them in the notebook for good, the only thing that actually is
> >> > saved
> >> > is the final html object.
> >> >
> >> > I don't use inline JS anywhere there. But, if you prevent inline JS in
> >> > output then you will also prevent a lot of interactivity on final
> output
> >> > that e.g. d3 generates. I mean you need to be able to have things like
> >> > onClick etc. But if you mean that you will prohibit me from saving
> >> > javascript in any form in the notebook, then I will probably have to
> >> > stop
> >> > pulling the new versions... Right now I spend all my time in Notebook,
> >> > i.e.
> >> > I wrote a script that converts notebooks to latex and I just write my
> >> > papers
> >> > in Notebook. It is nice since I see my math instantly, but I need to
> be
> >> > able
> >> > to embed some javascript that appears only in those notebooks that are
> >> > really papers, e.g. to replace references or make highlights (
> >> > http://i46.tinypic.com/163qyg.png ).
> >> >
> >> > Customjs is ok unless you send the notebook to someone and don't tell
> >> > them
> >> > they need to have it as well. I wanted something that produces output
> >> > that
> >> > is easily replicable.
> >> >
> >> >
> >> >
> >> > Z wyrazami szacunku,
> >> > Marcin Zamojski
> >> >
> >> >
> >> > On Tue, Jan 8, 2013 at 8:56 PM, Matthias Bussonnier [via Python]
> >> > <[hidden
> >> > email]> wrote:
> >> >>
> >> >> Hi !
> >> >>
> >> >> It look really great :
> >> >>
> >> >> A few comment :
> >> >>
> >> >> Obstacle 1
> >> >> def x():
> >> >>         from IPython.core.display import Javascript
> >> >>         Javascript('alert("a")')
> >> >> x()
> >> >>
> >> >> you probably want to `return Javascript('alert("a")')`
> >> >> Am I wrong ?
> >> >>
> >> >>
> >> >> Obstacle 2:
> >> >>  same : `return HTML()` I guess...
> >> >>
> >> >> Please, please, please don't inline script.
> >> >> We will in anyway prevent script in output so this will become
> useless
> >> >> anyway.
> >> >> Which will deprecate _js_repr_ (at least make it useless) but Brian
> >> >> Json-handler branch
> >> >> ill work much better to do what you want.
> >> >>
> >> >> Obstacle 3/Obstacle 4
> >> >> Will be solve with brian Json Handler branch.
> >> >>
> >> >> You probably want to inject your own library in the notebook,
> >> >> which can be done via custom.js
> >> >>
> >> >> draft doc :
> >> >> http://elacave.lmdb.eu/~carreau/yui/classes/IPython.customjs.html
> >> >> use $.getScript(url)
> >> >> for example :
> >> >> $.getScript('d3.min.js') in you have d3.min.js in
> >> >> .ipython/profile_xxx/static/js/d3.min.js
> >> >>
> >> >> You might be interesting in
> >> >> http://epmoyer.github.com/ipy_table/
> >> >>
> >> >> To join effort.
> >> >>
> >> >> Thanks.
> >> >> --
> >> >> Matthias
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> Le 8 janv. 2013 à 17:26, lecast a écrit :
> >> >>
> >> >> > This is a new thread but it is born out and related to a  previous
> >> >> > discussion
> >> >> >
> >> >> >
> >> >> > <
> http://python.6.n6.nabble.com/experiment-remote-execution-of-jquery-and-d3-code-into-the-browser-via-ipython-td4633053.html#a4955237
> >
> >> >> > . The goal there was to live update figures created with d3js in
> >> >> > IPython
> >> >> > Notebook. It was suggested that a solution would be to use widgets,
> >> >> > which I
> >> >> > have to admit I did not have time to understand so instead I
> decided
> >> >> > to
> >> >> > create something that produces the end product I was aiming at,
> i.e.
> >> >> > take
> >> >> > output from Python, use d3js to create a table/figure, use some
> >> >> > blackbox,
> >> >> > have the output visible in the notebook (or be able to save it
> >> >> > elsewhere
> >> >> > as
> >> >> > svg/html/png/etc).
> >> >> >
> >> >> > You can find an example notebook with a lot of custom tables and
> some
> >> >> > figures  here <
> http://nbviewer.ipython.org/4484816/ipyD3sample.ipynb>
> >> >> > .
> >> >> > They are all created based on data from Python, rendered in
> PhantomJs
> >> >> > (in
> >> >> > that case I just copy the html, but PhantomJs allows for conversion
> >> >> > to
> >> >> > other
> >> >> > formats), and then published in the notebook.
> >> >> >
> >> >> > I created it for myself, so there is hardly any commenting in the
> >> >> > file
> >> >> > (I
> >> >> > know, bad), but I have been using it for a few months now and it
> >> >> > works
> >> >> > really well. D3js has some great modern visualizations coded in and
> >> >> > it
> >> >> > takes
> >> >> > only a few days to learn the syntax by doing.
> >> >> >
> >> >> > Personally I think it would be really nice to make it into an
> >> >> > extension/package, but I lack experience/time to do that.
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> > View this message in context:
> >> >> > http://python.6.n6.nabble.com/D3js-and-IPython-tp5001661.html
> >> >> > Sent from the IPython - Development mailing list archive at
> >> >> > Nabble.com.
> >> >> > _______________________________________________
> >> >> > IPython-dev mailing list
> >> >> > [hidden email]
> >> >> > http://mail.scipy.org/mailman/listinfo/ipython-dev
> >> >>
> >> >> _______________________________________________
> >> >> IPython-dev mailing list
> >> >> [hidden email]
> >> >> http://mail.scipy.org/mailman/listinfo/ipython-dev
> >> >>
> >> >>
> >> >> ________________________________
> >> >> If you reply to this email, your message will be added to the
> >> >> discussion
> >> >> below:
> >> >>
> http://python.6.n6.nabble.com/D3js-and-IPython-tp5001661p5001692.html
> >> >> To unsubscribe from D3js and IPython, click here.
> >> >> NAML
> >> >
> >> >
> >> >
> >> > ________________________________
> >> > View this message in context: Re: D3js and IPython
> >> >
> >> > Sent from the IPython - Development mailing list archive at
> Nabble.com.
> >> >
> >> > _______________________________________________
> >> > IPython-dev mailing list
> >> > IPython-dev@scipy.org
> >> > http://mail.scipy.org/mailman/listinfo/ipython-dev
> >> >
> >>
> >>
> >>
> >> --
> >> Brian E. Granger
> >> Cal Poly State University, San Luis Obispo
> >> bgranger@calpoly.edu and ellisonbg@gmail.com
> >> _______________________________________________
> >> IPython-dev mailing list
> >> IPython-dev@scipy.org
> >> http://mail.scipy.org/mailman/listinfo/ipython-dev
> >
> >
> >
> > _______________________________________________
> > IPython-dev mailing list
> > IPython-dev@scipy.org
> > http://mail.scipy.org/mailman/listinfo/ipython-dev
> >
>
>
>
> --
> Brian E. Granger
> Cal Poly State University, San Luis Obispo
> bgranger@calpoly.edu and ellisonbg@gmail.com
> _______________________________________________
> IPython-dev mailing list
> IPython-dev@scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.scipy.org/pipermail/ipython-dev/attachments/20130108/ec666aae/attachment-0001.html 


More information about the IPython-dev mailing list