[IPython-dev] D3js and IPython

Brian Granger ellisonbg@gmail....
Wed Jan 9 18:49:28 CST 2013


> I really can't imagine that it will come to this - you are talking about
> disabling pandas table printing,
> and simple rich text reprs.  That doesn't seem tenable.  It's also disabling
> sized images, since our message spec so far has foolishly excluded shape
> information for images, etc, or the ability to display any kind of
> formatting (e.g. two images side-by-side).

Sorry I wasn't clear.  I meant to just remove the <script> tags, not
all of the HTML ouput.  In your language "sanitize" it.

> We should be able to sanitize Javascript from HTML - both in rendered
> markdown and HTML output data. This, in turn, could allow script detection
> and give an 'unsafe dynamic content, only allow if you trust...' message.

Yep.

Brian

> The cost of what you are proposing is *extremely* high.
>
>>
>>
>> > This is a slight difference than displaying javascript with the
>> > Javascript object that actually evaluate the string of code.
>> > It is also dangerous in multi-user context, even if this javascript is
>> > not runned at load time.
>> >
>> > I think that Json plugin are much better than current structure because
>> > one of the first plugin you can write can evaluate javascript
>> > code, so it actually does the same as Javascript object.
>> > But, If you design a custom plugin that deal with a specific type of
>> > json data, then you get the ability for this data to be used
>> > at load time as the json repr is stored.
>> >
>> > And I do agree that we need to give users a way to still display JS.
>> >
>> > I still think we should **strongly** encourage them not to use
>> > Javascript object because of it's inherent evaluation
>> > which is not stored. It is nice for prototyping, but it does more harm
>> > than anything for sharing.
>> >
>> > Finally I suppose it will be doable and a good thing to develop the
>> > ability to plug those jsplugin to nbviewer.
>>
>> Yes, I agree.
>>
>> > --
>> > Matthias
>> >
>> >
>> >
>> > _______________________________________________
>> > IPython-dev mailing list
>> > IPython-dev@scipy.org
>> > http://mail.scipy.org/mailman/listinfo/ipython-dev
>>
>>
>>
>> --
>> Brian E. Granger
>> Cal Poly State University, San Luis Obispo
>> bgranger@calpoly.edu and ellisonbg@gmail.com
>> _______________________________________________
>> IPython-dev mailing list
>> IPython-dev@scipy.org
>> http://mail.scipy.org/mailman/listinfo/ipython-dev
>
>
>
> _______________________________________________
> IPython-dev mailing list
> IPython-dev@scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev
>



--
Brian E. Granger
Cal Poly State University, San Luis Obispo
bgranger@calpoly.edu and ellisonbg@gmail.com


More information about the IPython-dev mailing list