[IPython-dev] is markdown broken in latest ipython?
Min RK
benjaminrk at gmail.com
Sat Jun 1 12:59:42 EDT 2013
The current plan is to continue to allow arbitrary execution, as long as it is the result of explicit user action. That means scrubbing JavaScript from markdown cells, and also preventing it from running on page load, but no change in what is allowed in displayed JavaScript or HTML.
-MinRK
On Jun 1, 2013, at 8:13, Jacob Vanderplas <jakevdp at cs.washington.edu> wrote:
> On Mon, May 13, 2013 at 11:30 AM, Min RK <benjaminrk at gmail.com> wrote:
>>
>> Do note that, as described in that issue, script tags in markdown cells will be completely disabled by IPython 1.0 (as opposed to master, where they are merely broken).
>
> Came into this a bit late, sorry. Can someone briefly clarify what's going to be permitted with regard to javascript in IPython 1.0?
>
> From poking around on the mailing list & roadmap, it's clear that javascript within markdown cells is going to be deprecated, with replacement functionality deferred to the 2.0 release in December. But what about javascript within the IPython.display.Javascript() or IPython.display.HTML() functions? If security is the driving concern, it seems that you could be just as malicious using these as you could using markdown cells.
>
> I guess my main question is: should I continue spending time on things like Javascript animations [1], or will these become obsolete in July?
> Jake
>
> [1] http://jakevdp.github.io/blog/2013/05/19/a-javascript-viewer-for-matplotlib-animations/
>
>>
>>>
>>> Le lundi 13 mai 2013, Zoltán Vörös a écrit :
>>>> Hi Min,
>>>>
>>>> Thanks for the info!
>>>>
>>>> Cheers,
>>>> Zoltán
>>>>
>>>> On 13/05/13 17:28, MinRK wrote:
>>>>> Bug is already open, and fix is already in marked. Just waiting for a release before we update the components.
>>
>>> _______________________________________________
>>> IPython-dev mailing list
>>> IPython-dev at scipy.org
>>> http://mail.scipy.org/mailman/listinfo/ipython-dev
>>
>> _______________________________________________
>> IPython-dev mailing list
>> IPython-dev at scipy.org
>> http://mail.scipy.org/mailman/listinfo/ipython-dev
>
> _______________________________________________
> IPython-dev mailing list
> IPython-dev at scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20130601/eb630438/attachment.html>
More information about the IPython-dev
mailing list