[IPython-dev] what is this "Untrusted text/latex output ignored." stuff?
Zoltán Vörös
zvoros at gmail.com
Mon Feb 3 10:50:51 EST 2014
Hi all,
I don't want to be seen as impatient, or anything like that, but I feel
that this signature thing is somehow broken, so I would like to follow
up on Damián's and Matthias' comments.
No matter what I do, if I try to use an old notebook (old meaning
created last Friday:) its content is not trusted. I have run
ipython trust mynotebook.ipynb
and I can see the signature at the top of the file. However, latex/svg
are still not displayed. According to the PR that Damián referred to,
only javascript and HTML items should be affected by this change,
although, I understand that SVG might also be exploited for some
injection attack.
All this is not a major issue for me at the moment, I would just like to
make sure that the developers know about it.
Chees,
Zoltán
On 03/02/14 13:15, Matthias Bussonnier wrote:
> Hi zoltan,
>
> we havent yet posted info on the ML about that and will do soon.
>
>
> In short, we sign the notebook when you save it, and if the signaure
> don't mach we don't render potentially dangerous ouput.
> We will do the same in markdown soon if it contains script tag.
>
> WhiteListing latex might be an oversight.
>
> If you rerun the all notebook and save, the ouput should be tusted, a
> least for you, more info soon.
>
> --
> Matthias
>
>
>
>
> On Mon, Feb 3, 2014 at 12:15 PM, Zoltán Vörös <zvoros at gmail.com
> <mailto:zvoros at gmail.com>> wrote:
>
> Hi all,
>
> When a notebook contains sympy-generated latex code, the latex
> content is not rendered on load, instead an "Untrusted text/latex
> output ignored." messageis displayed. On the other hand, latex in
> a markdown cell is trusted, and rendered properly. Is there a way
> to instruct the notebook to "trust" the latex code even in the
> output field of a code cell? Are there any security issues
> involved here?
>
> Cheers,
> Zoltán
>
> _______________________________________________
> IPython-dev mailing list
> IPython-dev at scipy.org <mailto:IPython-dev at scipy.org>
> http://mail.scipy.org/mailman/listinfo/ipython-dev
>
>
>
>
> _______________________________________________
> IPython-dev mailing list
> IPython-dev at scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20140203/a5d433c6/attachment.html>
More information about the IPython-dev
mailing list