[IPython-dev] what is this "Untrusted text/latex output ignored." stuff?

Zoltán Vörös zvoros at gmail.com
Mon Feb 3 10:50:51 EST 2014


Hi all,

I don't want to be seen as impatient, or anything like that, but I feel 
that this signature thing is somehow broken, so I would like to follow 
up on Damián's and Matthias' comments.

No matter what I do, if I try to use an old notebook (old meaning 
created last Friday:) its content is not trusted. I have run

ipython trust mynotebook.ipynb

and I can see the signature at the top of the file. However, latex/svg 
are still not displayed. According to the PR that Damián referred to, 
only javascript and HTML items should be affected by this change, 
although, I understand that SVG might also be exploited for some 
injection attack.

All this is not a major issue for me at the moment, I would just like to 
make sure that the developers know about it.

Chees,
Zoltán

On 03/02/14 13:15, Matthias Bussonnier wrote:
> Hi zoltan,
>
> we havent yet posted info on the ML about that and will do soon.
>
>
> In short, we sign the notebook when you save it, and if the signaure 
> don't mach we don't render potentially dangerous ouput.
> We will do the same in markdown soon if it contains script tag.
>
> WhiteListing latex might be an oversight.
>
> If you rerun the all notebook and save, the ouput should be tusted, a 
> least for you, more info soon.
>
> -- 
> Matthias
>
>
>
>
> On Mon, Feb 3, 2014 at 12:15 PM, Zoltán Vörös <zvoros at gmail.com 
> <mailto:zvoros at gmail.com>> wrote:
>
>     Hi all,
>
>     When a notebook contains sympy-generated latex code, the latex
>     content is not rendered on load, instead an "Untrusted text/latex
>     output ignored." messageis displayed. On the other hand, latex in
>     a markdown cell is trusted, and rendered properly. Is there a way
>     to instruct the notebook to "trust" the latex code even in the
>     output field of a code cell? Are there any security issues
>     involved here?
>
>     Cheers,
>     Zoltán
>
>     _______________________________________________
>     IPython-dev mailing list
>     IPython-dev at scipy.org <mailto:IPython-dev at scipy.org>
>     http://mail.scipy.org/mailman/listinfo/ipython-dev
>
>
>
>
> _______________________________________________
> IPython-dev mailing list
> IPython-dev at scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20140203/a5d433c6/attachment.html>


More information about the IPython-dev mailing list