Show More
@@ -481,6 +481,7 b' var IPython = (function (IPython) {' | |||
|
481 | 481 | } |
|
482 | 482 | this.input_prompt_number = number; |
|
483 | 483 | var prompt_html = CodeCell.input_prompt_function(this.input_prompt_number, nline); |
|
484 | // This HTML call is okay because the user contents are escaped. | |
|
484 | 485 | this.element.find('div.input_prompt').html(prompt_html); |
|
485 | 486 | }; |
|
486 | 487 |
@@ -343,7 +343,8 b' var IPython = (function (IPython) {' | |||
|
343 | 343 | // Insert the subarea into the iframe |
|
344 | 344 | // We must directly write the html. When using Jquery's append |
|
345 | 345 | // method, javascript is evaluated in the parent document and |
|
346 | // not in the iframe document. | |
|
346 | // not in the iframe document. At this point, subarea doesn't | |
|
347 | // contain any user content. | |
|
347 | 348 | this.contentDocument.write(subarea.html()); |
|
348 | 349 | |
|
349 | 350 | this.contentDocument.close(); |
@@ -370,12 +371,10 b' var IPython = (function (IPython) {' | |||
|
370 | 371 | // display a message when a javascript error occurs in display output |
|
371 | 372 | var msg = "Javascript error adding output!" |
|
372 | 373 | if ( element === undefined ) return; |
|
373 |
element |
|
|
374 | $('<div/>').html(msg + "<br/>" + | |
|
375 | err.toString() + | |
|
376 |
|
|
|
377 | ).addClass('js-error') | |
|
378 | ); | |
|
374 | element | |
|
375 | .append($('<div/>').text(msg).addClass('js-error')) | |
|
376 | .append($('<div/>').text(err.toString()).addClass('js-error')) | |
|
377 | .append($('<div/>').text('See your browser Javascript console for more details.').addClass('js-error')); | |
|
379 | 378 | }; |
|
380 | 379 | |
|
381 | 380 | OutputArea.prototype._safe_append = function (toinsert) { |
@@ -447,6 +446,8 b' var IPython = (function (IPython) {' | |||
|
447 | 446 | var pre = this.element.find('div.'+subclass).last().find('pre'); |
|
448 | 447 | var html = utils.fixCarriageReturn( |
|
449 | 448 | pre.html() + utils.fixConsole(text)); |
|
449 | // The only user content injected with this HTML call is | |
|
450 | // escaped by the fixConsole() method. | |
|
450 | 451 | pre.html(html); |
|
451 | 452 | return; |
|
452 | 453 | } |
@@ -548,6 +549,8 b' var IPython = (function (IPython) {' | |||
|
548 | 549 | if (extra_class){ |
|
549 | 550 | toinsert.addClass(extra_class); |
|
550 | 551 | } |
|
552 | // The only user content injected with this HTML call is | |
|
553 | // escaped by the fixConsole() method. | |
|
551 | 554 | toinsert.append($("<pre/>").html(data)); |
|
552 | 555 | element.append(toinsert); |
|
553 | 556 | return toinsert; |
@@ -164,6 +164,8 b' var IPython = (function (IPython) {' | |||
|
164 | 164 | } |
|
165 | 165 | |
|
166 | 166 | Pager.prototype.append_text = function (text) { |
|
167 | // The only user content injected with this HTML call is escaped by | |
|
168 | // the fixConsole() method. | |
|
167 | 169 | this.pager_element.find(".container").append($('<pre/>').html(utils.fixCarriageReturn(utils.fixConsole(text)))); |
|
168 | 170 | }; |
|
169 | 171 |
@@ -288,6 +288,8 b' var IPython = (function (IPython) {' | |||
|
288 | 288 | // make this value the starting point, so that we can only undo |
|
289 | 289 | // to this state, instead of a blank cell |
|
290 | 290 | this.code_mirror.clearHistory(); |
|
291 | // TODO: This HTML needs to be treated as potentially dangerous | |
|
292 | // user input and should be handled before set_rendered. | |
|
291 | 293 | this.set_rendered(data.rendered || ''); |
|
292 | 294 | this.rendered = false; |
|
293 | 295 | this.render(); |
@@ -343,15 +345,20 b' var IPython = (function (IPython) {' | |||
|
343 | 345 | math = text_and_math[1]; |
|
344 | 346 | var html = marked.parser(marked.lexer(text)); |
|
345 | 347 | html = $(IPython.mathjaxutils.replace_math(html, math)); |
|
346 |
// |
|
|
348 | // Links in markdown cells should open in new tabs. | |
|
347 | 349 | html.find("a[href]").not('[href^="#"]').attr("target", "_blank"); |
|
348 | 350 | try { |
|
351 | // TODO: This HTML needs to be treated as potentially dangerous | |
|
352 | // user input and should be handled before set_rendered. | |
|
349 | 353 | this.set_rendered(html); |
|
350 | 354 | } catch (e) { |
|
351 | 355 | console.log("Error running Javascript in Markdown:"); |
|
352 | 356 | console.log(e); |
|
353 |
this.set_rendered( |
|
|
354 | "Error rendering Markdown!<br/>" + e.toString()) | |
|
357 | this.set_rendered( | |
|
358 | $("<div/>") | |
|
359 | .append($("<div/>").text('Error rendering Markdown!').addClass("js-error")) | |
|
360 | .append($("<div/>").text(e.toString()).addClass("js-error")) | |
|
361 | .html() | |
|
355 | 362 | ); |
|
356 | 363 | } |
|
357 | 364 | this.element.find('div.text_cell_input').hide(); |
@@ -531,7 +538,8 b' var IPython = (function (IPython) {' | |||
|
531 | 538 | .attr('href', '#' + hash) |
|
532 | 539 | .text('¶') |
|
533 | 540 | ); |
|
534 | ||
|
541 | // TODO: This HTML needs to be treated as potentially dangerous | |
|
542 | // user input and should be handled before set_rendered. | |
|
535 | 543 | this.set_rendered(h); |
|
536 | 544 | this.typeset(); |
|
537 | 545 | this.element.find('div.text_cell_input').hide(); |
@@ -373,6 +373,7 b' var IPython = (function (IPython) {' | |||
|
373 | 373 | this.tooltip.fadeIn('fast'); |
|
374 | 374 | this.text.children().remove(); |
|
375 | 375 | |
|
376 | // Any HTML within the docstring is escaped by the fixConsole() method. | |
|
376 | 377 | var pre = $('<pre/>').html(utils.fixConsole(docstring)); |
|
377 | 378 | if (defstring) { |
|
378 | 379 | var defstring_html = $('<pre/>').html(utils.fixConsole(defstring)); |
General Comments 0
You need to be logged in to leave comments.
Login now