[IPython-dev] Paste images into the notebook
Juergen Hasch
python at elbonia.de
Sat Apr 26 11:40:53 EDT 2014
I agree that it not a good idea to do so. This is why I linked to the IPython documentation page describing why
sanitation was introduced and also replaced the extension on IPython-contrib.
Now if you have some old notebooks with embedded images, you will want a way to open them again.
Creating new notebooks this way is not a good idea, agreed.
Am 26.04.2014 15:46, schrieb Matthias Bussonnier:
> Hi all,
> Le 26 avr. 2014 à 15:23, Juergen Hasch a écrit :
>
>> This is due to security issues, see here:
>> http://ipython.org/ipython-doc/dev/notebook/security.html
>>
>> You can turn sanitizing off by adding this line to your local custom.js:
>> IPython.security.sanitize_html = function (html) { return html; };
>
> This is a **really** **really** bad advice to give.
>
> 1) This mean that the image will not work on other machines.
>
> 2) If we added security it is not without reasons, and not to annoy people.
>
> Adding this to your custom JS mean that any notebook you **look at** will be
> able to execute code both **in the browser** and **in the kernel**.
>
> It means that the author of a downloaded notebook you **put your eyes on**
> potentially have now access to all your hard drive, uploaded your ssh keys,
> just contaminated all the other notebook of your hard drive, stole
> your credential if you are logged in, downgraded your version of open ssl to 1.0.1f
>
> You have been warned, don't complain if all hell break loose.
>
More information about the IPython-dev
mailing list