@@ -481,6 +481,7 b' var IPython = (function (IPython) {' | |||||
481 | } |
|
481 | } | |
482 | this.input_prompt_number = number; |
|
482 | this.input_prompt_number = number; | |
483 | var prompt_html = CodeCell.input_prompt_function(this.input_prompt_number, nline); |
|
483 | var prompt_html = CodeCell.input_prompt_function(this.input_prompt_number, nline); | |
|
484 | // This HTML call is okay because the user contents are escaped. | |||
484 | this.element.find('div.input_prompt').html(prompt_html); |
|
485 | this.element.find('div.input_prompt').html(prompt_html); | |
485 | }; |
|
486 | }; | |
486 |
|
487 |
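Review bot: The new comment above `this.element.find('div.input_prompt').html(prompt_html)` states the escaping as a fact, but the escaping itself is not in this hunk; it would have to happen inside whatever function is assigned to `CodeCell.input_prompt_function`. Because that is an assignable property, the comment should spell out the contract rather than the outcome, for example `// Safe only while input_prompt_function returns HTML with the prompt number escaped.` The enclosing function starts outside the hunk, so I cannot confirm where `number` comes from.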
@@ -343,7 +343,8 b' var IPython = (function (IPython) {' | |||||
343 | // Insert the subarea into the iframe |
|
343 | // Insert the subarea into the iframe | |
344 | // We must directly write the html. When using Jquery's append |
|
344 | // We must directly write the html. When using Jquery's append | |
345 | // method, javascript is evaluated in the parent document and |
|
345 | // method, javascript is evaluated in the parent document and | |
346 | // not in the iframe document. |
|
346 | // not in the iframe document. At this point, subarea doesn't | |
|
347 | // contain any user content. | |||
347 | this.contentDocument.write(subarea.html()); |
|
348 | this.contentDocument.write(subarea.html()); | |
348 |
|
349 | |||
349 | this.contentDocument.close(); |
|
350 | this.contentDocument.close(); | |
@@ -370,12 +371,10 b' var IPython = (function (IPython) {' | |||||
370 | // display a message when a javascript error occurs in display output |
|
371 | // display a message when a javascript error occurs in display output | |
371 | var msg = "Javascript error adding output!" |
|
372 | var msg = "Javascript error adding output!" | |
372 | if ( element === undefined ) return; |
|
373 | if ( element === undefined ) return; | |
373 |
element |
|
374 | element | |
374 | $('<div/>').html(msg + "<br/>" + |
|
375 | .append($('<div/>').text(msg).addClass('js-error')) | |
375 | err.toString() + |
|
376 | .append($('<div/>').text(err.toString()).addClass('js-error')) | |
376 |
|
|
377 | .append($('<div/>').text('See your browser Javascript console for more details.').addClass('js-error')); | |
377 | ).addClass('js-error') |
|
|||
378 | ); |
|
|||
379 | }; |
|
378 | }; | |
380 |
|
379 | |||
381 | OutputArea.prototype._safe_append = function (toinsert) { |
|
380 | OutputArea.prototype._safe_append = function (toinsert) { | |
@@ -447,6 +446,8 b' var IPython = (function (IPython) {' | |||||
447 | var pre = this.element.find('div.'+subclass).last().find('pre'); |
|
446 | var pre = this.element.find('div.'+subclass).last().find('pre'); | |
448 | var html = utils.fixCarriageReturn( |
|
447 | var html = utils.fixCarriageReturn( | |
449 | pre.html() + utils.fixConsole(text)); |
|
448 | pre.html() + utils.fixConsole(text)); | |
|
449 | // The only user content injected with this HTML call is | |||
|
450 | // escaped by the fixConsole() method. | |||
450 | pre.html(html); |
|
451 | pre.html(html); | |
451 | return; |
|
452 | return; | |
452 | } |
|
453 | } | |
@@ -548,6 +549,8 b' var IPython = (function (IPython) {' | |||||
548 | if (extra_class){ |
|
549 | if (extra_class){ | |
549 | toinsert.addClass(extra_class); |
|
550 | toinsert.addClass(extra_class); | |
550 | } |
|
551 | } | |
|
552 | // The only user content injected with this HTML call is | |||
|
553 | // escaped by the fixConsole() method. | |||
551 | toinsert.append($("<pre/>").html(data)); |
|
554 | toinsert.append($("<pre/>").html(data)); | |
552 | element.append(toinsert); |
|
555 | element.append(toinsert); | |
553 | return toinsert; |
|
556 | return toinsert; |
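Review bot: In the last hunk of this file the comment above `toinsert.append($("<pre/>").html(data))` says the user content was escaped by fixConsole(), but no fixConsole() call is visible next to this sink, so the guarantee presumably rests on code earlier in the enclosing function, which starts outside the hunk. A later edit that reorders or removes that earlier step would leave the comment true-looking and the call unsafe. I would tie the comment to the step it depends on, e.g. `// data must already have been passed through utils.fixConsole() above; never call .html() here on raw text.` The stream-append hunk (`pre.html() + utils.fixConsole(text)`) keeps the escape and the sink together and reads fine as is.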
@@ -164,6 +164,8 b' var IPython = (function (IPython) {' | |||||
164 | } |
|
164 | } | |
165 |
|
165 | |||
166 | Pager.prototype.append_text = function (text) { |
|
166 | Pager.prototype.append_text = function (text) { | |
|
167 | // The only user content injected with this HTML call is escaped by | |||
|
168 | // the fixConsole() method. | |||
167 | this.pager_element.find(".container").append($('<pre/>').html(utils.fixCarriageReturn(utils.fixConsole(text)))); |
|
169 | this.pager_element.find(".container").append($('<pre/>').html(utils.fixCarriageReturn(utils.fixConsole(text)))); | |
168 | }; |
|
170 | }; | |
169 |
|
171 |
@@ -288,6 +288,8 b' var IPython = (function (IPython) {' | |||||
288 | // make this value the starting point, so that we can only undo |
|
288 | // make this value the starting point, so that we can only undo | |
289 | // to this state, instead of a blank cell |
|
289 | // to this state, instead of a blank cell | |
290 | this.code_mirror.clearHistory(); |
|
290 | this.code_mirror.clearHistory(); | |
|
291 | // TODO: This HTML needs to be treated as potentially dangerous | |||
|
292 | // user input and should be handled before set_rendered. | |||
291 | this.set_rendered(data.rendered || ''); |
|
293 | this.set_rendered(data.rendered || ''); | |
292 | this.rendered = false; |
|
294 | this.rendered = false; | |
293 | this.render(); |
|
295 | this.render(); | |
@@ -343,15 +345,20 b' var IPython = (function (IPython) {' | |||||
343 | math = text_and_math[1]; |
|
345 | math = text_and_math[1]; | |
344 | var html = marked.parser(marked.lexer(text)); |
|
346 | var html = marked.parser(marked.lexer(text)); | |
345 | html = $(IPython.mathjaxutils.replace_math(html, math)); |
|
347 | html = $(IPython.mathjaxutils.replace_math(html, math)); | |
346 |
// |
|
348 | // Links in markdown cells should open in new tabs. | |
347 | html.find("a[href]").not('[href^="#"]').attr("target", "_blank"); |
|
349 | html.find("a[href]").not('[href^="#"]').attr("target", "_blank"); | |
348 | try { |
|
350 | try { | |
|
351 | // TODO: This HTML needs to be treated as potentially dangerous | |||
|
352 | // user input and should be handled before set_rendered. | |||
349 | this.set_rendered(html); |
|
353 | this.set_rendered(html); | |
350 | } catch (e) { |
|
354 | } catch (e) { | |
351 | console.log("Error running Javascript in Markdown:"); |
|
355 | console.log("Error running Javascript in Markdown:"); | |
352 | console.log(e); |
|
356 | console.log(e); | |
353 |
this.set_rendered( |
|
357 | this.set_rendered( | |
354 | "Error rendering Markdown!<br/>" + e.toString()) |
|
358 | $("<div/>") | |
|
359 | .append($("<div/>").text('Error rendering Markdown!').addClass("js-error")) | |||
|
360 | .append($("<div/>").text(e.toString()).addClass("js-error")) | |||
|
361 | .html() | |||
355 | ); |
|
362 | ); | |
356 | } |
|
363 | } | |
357 | this.element.find('div.text_cell_input').hide(); |
|
364 | this.element.find('div.text_cell_input').hide(); | |
@@ -531,7 +538,8 b' var IPython = (function (IPython) {' | |||||
531 | .attr('href', '#' + hash) |
|
538 | .attr('href', '#' + hash) | |
532 | .text('¶') |
|
539 | .text('¶') | |
533 | ); |
|
540 | ); | |
534 |
|
541 | // TODO: This HTML needs to be treated as potentially dangerous | ||
|
542 | // user input and should be handled before set_rendered. | |||
535 | this.set_rendered(h); |
|
543 | this.set_rendered(h); | |
536 | this.typeset(); |
|
544 | this.typeset(); | |
537 | this.element.find('div.text_cell_input').hide(); |
|
545 | this.element.find('div.text_cell_input').hide(); |
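Review bot: In the markdown render hunk the new TODO sits at `this.set_rendered(html)`, but the untrusted markup is already parsed two statements earlier by `html = $(IPython.mathjaxutils.replace_math(html, math))`. jQuery builds live elements from that string, so anything the markup can trigger at element-creation time is reachable before the point the TODO names, and outside the `try` block. The TODO would be more accurate placed above the `$()` call, e.g. `// TODO: sanitize the marked output as a string before it is passed to $().` The same TODO is repeated at `set_rendered(data.rendered || '')` and `set_rendered(h)` in the other two hunks of this file, where the enclosing functions also start outside the hunk.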
@@ -373,6 +373,7 b' var IPython = (function (IPython) {' | |||||
373 | this.tooltip.fadeIn('fast'); |
|
373 | this.tooltip.fadeIn('fast'); | |
374 | this.text.children().remove(); |
|
374 | this.text.children().remove(); | |
375 |
|
375 | |||
|
376 | // Any HTML within the docstring is escaped by the fixConsole() method. | |||
376 | var pre = $('<pre/>').html(utils.fixConsole(docstring)); |
|
377 | var pre = $('<pre/>').html(utils.fixConsole(docstring)); | |
377 | if (defstring) { |
|
378 | if (defstring) { | |
378 | var defstring_html = $('<pre/>').html(utils.fixConsole(defstring)); |
|
379 | var defstring_html = $('<pre/>').html(utils.fixConsole(defstring)); |