[IPython-dev] D3js and IPython
Wed Jan 9 16:38:05 CST 2013
On Wed, Jan 9, 2013 at 2:21 PM, Brian Granger <firstname.lastname@example.org> wrote:
> On Tue, Jan 8, 2013 at 11:37 PM, Matthias BUSSONNIER
> <email@example.com> wrote:
> >> I do appreciate the concern, and we need a solution to the issue.
> >> I just don't think we have a complete one yet.
> >> Right now, we have a supremely flexible (and thus insecure) situation,
> >> whereas jsplugins-only is secure, but not remotely flexible from a
> user's perspective.
> >> This is an extremely serious incapacitation of the notebook.
> >> The trouble is that jsplugins is a relatively tolerable substitute
> >> for the single-user notebook, but where the problem is worst
> >> is when users don't actually have access to the server
> >> to install jsplugins. So it's precisely the case where we
> >> would not allow custom js that jsplugins fail most dramatically
> >> as a substitute.
> >> Is it really our intention to require *server* installation of a plugin
> >> for a user to gain access to a new widget? That seems to eliminate a
> *huge* portion of exactly what makes the notebook interesting.
> >> If we have a way that js plugins can be loaded at runtime by the user
> without access to the server (presumably with a 'do you trust this guy?'
> >> then that would go a long way toward preventing the total castration of
> the notebook.
> execution at load time we do make
> I don't see any way that we can allow <script> tags in markdown and
> HTML output. That is the most dangerous case as they are run at
> notebook load time and there is no hook for us to prevent that. All
> we can do is strip them.
I really can't imagine that it will come to this - you are talking about
disabling pandas table printing,
and simple rich text reprs. That doesn't seem tenable. It's also
disabling sized images, since our message spec so far has foolishly
excluded shape information for images, etc, or the ability to display any
kind of formatting (e.g. two images side-by-side).
We should be able to
from HTML - both in rendered markdown and HTML output data.
This, in turn, could allow script detection and give an 'unsafe dynamic
content, only allow if you trust...' message.
The cost of what you are proposing is *extremely* high.
> not run at load time.
> > I think that JSON plugins are much better than current structure because
> > But, If you design a custom plugin that deal with a specific type of
> json data, then you get the ability for this data to be used
> > at load time as the json repr is stored.
> > And I do agree that we need to give users a way to still display JS.
> > I still think we should **strongly** encourage them not to use
> > which is not stored. It is nice for prototyping, but it does more harm
> than anything for sharing.
> > Finally I suppose it will be doable and a good thing to develop the
> ability to plug those jsplugin to nbviewer.
> Yes, I agree.
> > --
> > Matthias
> > _______________________________________________
> > IPython-dev mailing list
> > IPythonfirstname.lastname@example.org
> > http://mail.scipy.org/mailman/listinfo/ipython-dev
> Brian E. Granger
> Cal Poly State University, San Luis Obispo
> email@example.com and firstname.lastname@example.org
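The strip-and-flag step the reply above proposes (remove scripts from rendered markdown and HTML output, and raise an "unsafe dynamic content, only allow if you trust..." prompt when something was removed), as an added example that is not code from IPython or from anyone in the thread. It uses the standard library's html.parser rather than regexes, and goes slightly beyond the thread by also dropping inline on* handlers and javascript: URLs, which run without a <script> tag; the class and function names and the sample fragment are my own.

```python
from html import escape
from html.parser import HTMLParser

# Assumption: the thread names only <script>; inline on* handlers and javascript:
# URLs are the usual companions a load-time filter must also cover.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")

class ScriptStripper(HTMLParser):
    """Re-emit an HTML fragment minus <script> elements, on* handlers and script URLs."""
    def __init__(self):
        super().__init__()
        self.out, self.removed, self.in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # the parser hands us the body as raw data until </script>
            self.in_script = True
            self.removed.append("<script>")
            return
        kept = []
        for name, value in attrs:
            # browsers ignore whitespace/control chars inside a URL scheme, so drop them
            scheme = "".join(c for c in value or "" if c > " ").lower()
            if name.startswith("on") or (name in URL_ATTRS and scheme.startswith(SCRIPT_SCHEMES)):
                self.removed.append(f"{tag}@{name}")  # e.g. a@onclick, a@href
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
        elif not self.in_script:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):  # text is re-escaped; comments and doctypes are dropped
        if not self.in_script:
            self.out.append(escape(data))

def sanitize_html(fragment):
    """Return (clean_html, removed); a non-empty removed list warrants a trust prompt."""
    p = ScriptStripper()
    p.feed(fragment)
    p.close()
    return "".join(p.out), p.removed

# Constructed sample, not a real notebook cell: a plain table next to load-time script.
SAMPLE = ('<table><tr><td>1</td><td>2 &amp; 3</td></tr></table><script>alert(1)</script>'
          '<a href="java\nscript:alert(2)" onclick="x()">link</a>'
          '<img src="data:image/png;base64,AAAA" width="10">')
```

The table and the base64 image survive untouched, which is the point of the reply above: stripping scripts does not have to mean disabling rich HTML reprs.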