upstream/ipython Commit - r15637:971df366

always sanitize markdown...

MinRK -

r15637:971df366

parent child

IPython/html/static/notebook/js/textcell.js

0 +22 -28

@@ -356,20 +356,15 b' var IPython = (function (IPython) {'
356	text = text_and_math[0];	356	text = text_and_math[0];
357	math = text_and_math[1];	357	math = text_and_math[1];
358	var html = marked.parser(marked.lexer(text));	358	var html = marked.parser(marked.lexer(text));
359	var safe = security.is_safe(html);	359	html = IPython.mathjaxutils.replace_math(html, math);
360	if (safe) {	360	html = security.sanitize_html(html);
361	html = $(IPython.mathjaxutils.replace_math(html, math));	361	html = $(html);
362	// links in markdown cells should open in new tabs	362	// links in markdown cells should open in new tabs
363	html.find("a[href]").not('[href^="#"]').attr("target", "_blank");	363	html.find("a[href]").not('[href^="#"]').attr("target", "_blank");
364	this.set_rendered(html);	364	this.set_rendered(html);
365	} else {
366	this.insert_security_warning();
367	}
368	this.element.find('div.input_area').hide();	365	this.element.find('div.input_area').hide();
369	this.element.find("div.text_cell_render").show();	366	this.element.find("div.text_cell_render").show();
370	if (~~safe~~) {	367	this.typeset();
371	this.typeset();
372	}
373	}	368	}
374	return cont;	369	return cont;
375	};	370	};
@@ -534,24 +529,23 b' var IPython = (function (IPython) {'
534	text = text_and_math[0];	529	text = text_and_math[0];
535	math = text_and_math[1];	530	math = text_and_math[1];
536	var html = marked.parser(marked.lexer(text));	531	var html = marked.parser(marked.lexer(text));
537	var safe = security.is_safe(html);	532	html = IPython.mathjaxutils.replace_math(html, math);
538	if (safe) {	533	html = security.sanitize_html(html);
539	var h = $(IPython.mathjaxutils.replace_math(html, math));	534	var h = $(html);
540	// add id and linkback anchor	535	// add id and linkback anchor
541	var hash = h.text().replace(/ /g, '-');	536	var hash = h.text().replace(/ /g, '-');
542	h.attr('id', hash);	537	h.attr('id', hash);
543	h.append(	538	h.append(
544	$('<a/>')	539	$('<a/>')
545	.addClass('anchor-link')	540	.addClass('anchor-link')
546	.attr('href', '#' + hash)	541	.attr('href', '#' + hash)
547	.text('¶')	542	.text('¶')
548	);	543	);
549	this.set_rendered(h);	544	this.set_rendered(h);
550	} else {
551	this.insert_security_warning();
552	}
553	this.element.find('div.text_cell_input').hide();	545	this.element.find('div.text_cell_input').hide();
554	this.element.find("div.text_cell_render").show();	546	this.element.find("div.text_cell_render").show();
		547	this.typeset();
		548	}
555	return cont;	549	return cont;
556	};	550	};
557		551

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages