##// END OF EJS Templates
upstream » ipython
RSS

Clone from https://github.com/ipython/ipython.git

sanitize untrusted HTML output...
MinRK -
Show More
Show file before | Show file after | Hide comments
@@ -490,13 +490,13 b' var IPython = (function (IPython) {'
490 490 var type = OutputArea.display_order[type_i];
491 491 var append = OutputArea.append_map[type];
492 492 if ((json[type] !== undefined) && append) {
493 var value = json[type];
493 494 if (!this.trusted && !OutputArea.safe_outputs[type]) {
494 // not trusted show warning and do not display
495 var is_safe = false;
495 // not trusted, sanitize HTML
496 496 if (type==='text/html' || type==='text/svg') {
497 is_safe = IPython.security.is_safe(json[type]);
498 }
499 if (!is_safe) {
497 value = IPython.security.sanitize_html(value);
498 } else {
499 // warn and don't display if we don't know how to sanitize it
500 500 var content = {
501 501 text : "Untrusted " + type + " output ignored.",
502 502 stream : "stderr"
@@ -506,8 +506,8 b' var IPython = (function (IPython) {'
506 506 }
507 507 }
508 508 var md = json.metadata || {};
509 var toinsert = append.apply(this, [json[type], md, element]);
510 $([IPython.events]).trigger('output_appended.OutputArea', [type, json[type], md, toinsert]);
509 var toinsert = append.apply(this, [value, md, element]);
510 $([IPython.events]).trigger('output_appended.OutputArea', [type, value, md, toinsert]);
511 511 return true;
512 512 }
513 513 }
General Comments 0
You need to be logged in to leave comments. Login now