<div dir="ltr">I had a look at jsplugins and indeed it makes sense to use that in my context, although I would still keep my class for rendering static things or things that use css for interactivity.<div><br></div><div>However, the way I understand is that js in unwanted in the saved output because it may communicate with the kernel, and that in turn can do whatever. Wouldn't escaping just such calls be an option too?</div>
<div><br></div><div>For the jsplugins to work I think there should be an install function within IPython where you point at some url that hosts the plugin. And, there should be an easy way to extend plugins from within IPython so that the user doesn't have to have file system access to add a script.</div>
<div><br></div><div style>Also, the base of the code for my papers-style notebooks that extracts footnotes is at <a href="http://nbviewer.ipython.org/4492534/" target="_top" rel="nofollow" link="external">http://nbviewer.ipython.org/4492534/</a></div>
</div><div class="gmail_extra"><br clear="all"><div>Z wyrazami szacunku,<br>Marcin Zamojski</div>
<br><br><div class="gmail_quote">On Wed, Jan 9, 2013 at 8:37 AM, Matthias Bussonnier [via Python] <span dir="ltr"><<a href="/user/SendEmail.jtp?type=node&node=5001767&i=0" target="_top" rel="nofollow" link="external">[hidden email]</a>></span> wrote:<br>
<blockquote style='border-left:2px solid #CCCCCC;padding:0 1em' class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
<div><div class='shrinkable-quote'><br>> I do appreciate the concern, and we need a solution to the issue.
<br>> I just don't think we have a complete one yet.
<br>> Right now, we have a supremely flexible (and thus insecure) situation,
<br>> whereas jsplugins-only is secure, but not remotely flexible from a user's perspective.
<br>>
<br>> This is an extremely serious incapacitation of the notebook.
<br>> The trouble is that jsplugins is a relatively tolerable substitue
<br>> for the single-user notebook, but where the problem is worst
<br>> is when users don't actually have access to the server
<br>> to install jsplugins. So it's precisely the case where we
<br>> would not allow custom js that jsplugins fail most dramatically
<br>> as a substitute.
<br>>
<br>> Is it really our intention to require *server* installation of a plugin
<br>> for a user to gain access to a new widget? That seems to eliminate a *huge* portion of exactly what makes the notebook interesting.
<br>>
<br>> If we have a way that js plugins can be loaded at runtime by the user without access to the server (presumably with a 'do you trust this guy?' confirmation),
<br>> then that would go a long way toward preventing the total castration of the notebook.
<br>>
</div></div></div>The problem is that if we escape javascript in output to prevent js execution at load time we do make
<br>injecting javascript **script tag** useless in markdown and cell ouput.
<br><br>This is a slight difference than displaying javascript with the Javascript object that actually evaluate the string of code.
<br>It is also dangerous in multi-user context, even if this javascript is not runned at load time.
<br><br>I think that Json plugin are much better than current structure because one of the first plugin you can write can evaluate javascript
<br>code, so it actually does the same as Javascript object.
<br>But, If you design a custom plugin that deal with a specific type of json data, then you get the ability for this data to be used
<br>at load time as the json repr is stored.
<br><br>And I do agree that we need to give users a way to still display JS.
<br><br>I still think we should **strongly** encourage them not to use Javascript object because of it's inherent evaluation
<br>which is not stored. It is nice for prototyping, but it does more harm than anything for sharing.
<br><br>Finally I suppose it will be doable and a good thing to develop the ability to plug those jsplugin to nbviewer.
<br>--
<br>Matthias
<br><div class="im"><br><br><br>_______________________________________________
<br>IPython-dev mailing list
<br><a href="http://user/SendEmail.jtp?type=node&node=5001731&i=0" rel="nofollow" link="external" target="_blank">[hidden email]</a>
<br><a href="http://mail.scipy.org/mailman/listinfo/ipython-dev" rel="nofollow" link="external" target="_blank">http://mail.scipy.org/mailman/listinfo/ipython-dev</a><br>
<br>
<br>
<hr noshade size="1" color="#cccccc">
</div><div style="color:#444;font:12px tahoma,geneva,helvetica,arial,sans-serif"><div class="im">
<div style="font-weight:bold">If you reply to this email, your message will be added to the discussion below:</div>
</div><a href="http://python.6.n6.nabble.com/D3js-and-IPython-tp5001661p5001731.html" target="_blank" rel="nofollow" link="external">http://python.6.n6.nabble.com/D3js-and-IPython-tp5001661p5001731.html</a>
</div><div class="HOEnZb"><div class="h5">
<div style="color:#666;font:11px tahoma,geneva,helvetica,arial,sans-serif;margin-top:.4em;line-height:1.5em">
To unsubscribe from D3js and IPython, <a href="" target="_blank" rel="nofollow" link="external">click here</a>.<br>
<a href="http://python.6.n6.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml" rel="nofollow" style="font:9px serif" target="_blank" link="external">NAML</a>
</div></div></div></blockquote></div><br></div>
<br/><hr align="left" width="300" />
View this message in context: <a href="http://python.6.n6.nabble.com/D3js-and-IPython-tp5001661p5001767.html">Re: D3js and IPython</a><br/>
Sent from the <a href="http://python.6.n6.nabble.com/IPython-Development-f1646922.html">IPython - Development mailing list archive</a> at Nabble.com.<br/>