[IPython-dev] Paste images into the notebook

Juergen Hasch python at elbonia.de
Sat Apr 26 11:40:53 EDT 2014

I agree that it not a good idea to do so. This is why I linked to the IPython documentation page describing why
sanitation was introduced and also replaced the extension on IPython-contrib.

Now if you have some old notebooks with embedded images, you will want a way to open them again.
Creating new notebooks this way is not a good idea, agreed.

Am 26.04.2014 15:46, schrieb Matthias Bussonnier:
> Hi all, 
> Le 26 avr. 2014 à 15:23, Juergen Hasch a écrit :
>> This is due to security issues, see here:
>> http://ipython.org/ipython-doc/dev/notebook/security.html
>> You can turn sanitizing off by adding this line to your local custom.js:
>> IPython.security.sanitize_html = function (html) { return html; };
> This is a **really** **really** bad advice to give. 
> 1) This mean that the image will not work on other machines.
> 2) If we added security it is not without reasons, and not to annoy people.
> Adding this to your custom JS mean that any notebook you **look at** will be 
> able to execute code both **in the browser** and **in the kernel**. 
> It means that the author of a downloaded notebook you **put your eyes on** 
> potentially have now access to all your hard drive, uploaded your ssh keys,
> just contaminated all the other notebook of your hard drive, stole
> your credential if you are logged in, downgraded your version of open ssl to 1.0.1f
> You have been warned, don't complain if all hell break loose. 

More information about the IPython-dev mailing list