Merge pull request #910 from Carreau/fix-#904

Do not allow `<` in url.

notebook/static/base/js/utils.js

@@ -370,7 +370,7 @@ define([
 
     // Locate any URLs and convert them to a anchor tag
     function autoLinkUrls(txt) {
-        return txt.replace(/(^|\s)(https?|ftp)(:[^'">\s]+)/gi,
+        return txt.replace(/(^|\s)(https?|ftp)(:[^'"<>\s]+)/gi,
             "$1<a target=\"_blank\" href=\"$2$3\">$2$3</a>");
     }
 

notebook/static/notebook/js/outputarea.js

@@ -684,7 +684,7 @@ define([
                 img.addClass('unconfined');
             }
         });
-    };
+    }
     
     var set_width_height = function (img, md, mime) {
         /**