[IPython-dev] Scipy central & IPython notebook.

Matthias BUSSONNIER bussonniermatthias at gmail.com
Mon Sep 24 15:37:56 EDT 2012


Le 24 sept. 2012 à 21:19, Brian Granger a écrit :

> On Mon, Sep 24, 2012 at 12:49 AM, Matthias BUSSONNIER
> <bussonniermatthias at gmail.com> wrote:
>> 
>> Le 24 sept. 2012 à 01:13, Fernando Perez a écrit :
>> 
>>> On Sun, Sep 23, 2012 at 1:19 PM, Thomas Kluyver <takowl at gmail.com> wrote:
>>>>> From my perspective, nbviewer is a poor name for this. The focus
>>>> should be on the content (scientific Python example code), not the
>>>> tools (the notebook). Within that, we can promote the Notebook, but
>>>> naming the site after it would be putting the cart before the horse.
>>> 
>>> Jumping in a little late here...  Here's my perspective on this:
>>> IPython is an important piece of the pylab ecosystem, and as I argued
>>> vociferously on the scipy-user discussion, I think the notebook should
>>> play an even more prominent role in there.  But it's also very
>>> important to keep this in mind: ipython and the notebook are also used
>>> by, and important to, communities that have nothing to do at all with
>>> scientific work.
>>> 
>>> And in the spirit of pylab being a federation of collaborating
>>> projects, I think the right solution here is to find a way for say
>>> 'pylab-central' (were it to exist) to use something *like* nbviewer,
>>> or nbviewer itself, but without having to tightly couple it to pylab
>>> central, so that it can be equally used by other projects and
>>> communities that don't have scientific uses in mind.
>>> 
>>> Pylab-central could, for notebooks, simply embed (perhaps in an
>>> iframe) the nbviewer-rendered version of a notebook.
>> 
>> Certainly not as is !
>> Nbviewer embed remote javascript which would be high security risk for any website
>> or user that **trust** ipython.org
> 
> I am beginning to think we should remove <script> tags from markdown
> cells because of this.

This is **not** an issues of <script> tag in markdown cell. 
you can insert html almost everywhere, we should totally assumed 
that people can forge a false notebook file on their own.

So script in html output, or maybe even in code cell source. 

One way I see is iframe sandboxing with recent browser. 
-- 
Matthias


> 
>> This is one of the reason that I'm reluctant to add github (or other) authentication on nbviewer.
>> The day we add something like that to nbviewer of if so embed it in another website without proper
>> care, it is the golden goose for anyone that want to do javascript injection.
> 
> Yep, this is a huge issue.
> 
>> In the long term it would be nice to have an api.nbviewer.ipython.org that serve something clean,
>> but I just don't want people to try this kind of things for now.
>> --
>> Matthias
>> 
>> 
>>> It will be up tow
>>> the pylab central developers to decide whether they want to get into
>>> the business of hosting notebooks or they point to people's gists or
>>> full-fledged repos. nbviewer doesn't care where things are: as long as
>>> there's a public URL for an ipynb file, it can render it.
>>> 
>>> This loose-coupling model seems to me better both in terms of
>>> acknowledging the structure of the pylab/ipython Venn diagram as well
>>> as in the spirit of federated collaboration we're trying to establish
>>> with pylab.
>>> 
>>> Cheers,
>>> 
>>> f
>>> _______________________________________________
>>> IPython-dev mailing list
>>> IPython-dev at scipy.org
>>> http://mail.scipy.org/mailman/listinfo/ipython-dev
>> 
>> _______________________________________________
>> IPython-dev mailing list
>> IPython-dev at scipy.org
>> http://mail.scipy.org/mailman/listinfo/ipython-dev
> 
> 
> 
> -- 
> Brian E. Granger
> Cal Poly State University, San Luis Obispo
> bgranger at calpoly.edu and ellisonbg at gmail.com
> _______________________________________________
> IPython-dev mailing list
> IPython-dev at scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev




More information about the IPython-dev mailing list