From ef0f3b9c0e1d1a59d77e20e64d2b957420cc6d9a Mon Sep 17 00:00:00 2001
From: Matthias Bussonnier <bussonniermatthias@gmail.com>
Date: Wed, 30 Dec 2015 11:28:17 +0100
Subject: [PATCH] Do not allow `<` in url.

fix #904
---
 notebook/static/base/js/utils.js          | 2 +-
 notebook/static/notebook/js/outputarea.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/notebook/static/base/js/utils.js b/notebook/static/base/js/utils.js
index b3872ae59..8775a8f79 100644
--- a/notebook/static/base/js/utils.js
+++ b/notebook/static/base/js/utils.js
@@ -370,7 +370,7 @@ define([
 
     // Locate any URLs and convert them to a anchor tag
     function autoLinkUrls(txt) {
-        return txt.replace(/(^|\s)(https?|ftp)(:[^'">\s]+)/gi,
+        return txt.replace(/(^|\s)(https?|ftp)(:[^'"<>\s]+)/gi,
             "$1<a target=\"_blank\" href=\"$2$3\">$2$3</a>");
     }
 
diff --git a/notebook/static/notebook/js/outputarea.js b/notebook/static/notebook/js/outputarea.js
index 600484ba3..161efc115 100644
--- a/notebook/static/notebook/js/outputarea.js
+++ b/notebook/static/notebook/js/outputarea.js
@@ -684,7 +684,7 @@ define([
                 img.addClass('unconfined');
             }
         });
-    };
+    }
     
     var set_width_height = function (img, md, mime) {
         /**