71d4c427c9
refactor to improve cell switching in edit mode
...
This code was repeated in both CodeCell and TextCell, both of which are
extensions of Cell, so this just unifies the logic in Cell.
TextCell had logic here to check if the cell was rendered or not, but I
don't believe it is possible to end up triggering such a code path.
(Should that be required, I can always just add back these methods to
TextCell, performing the .rendered==True check, and calling the Cell
prior to this, code mirror at_top would only return true on if the
cursor was at the first character of the top line. Now, pressing up
arrow on any character on the top line will take you to the cell above.
The same applies for the bottom line. Pressing down arrow would only go
to the next cell if the cursor was at a location *after* the last
character (something that is only possible to achieve in vim mode if the
last line is empty, for example). Now, down arrow on any character of
the last line will go to the next cell.
12 years ago
8889a7581c
start better keyboard handling
12 years ago
1407b4347e
Merge pull request #5268 from ellisonbg/cmd-mode
...
Refactoring Notebook.command_mode
12 years ago
aaedd1a311
Merge pull request #5283 from takluyver/widget-del
...
Remove Widget.closed attribute
12 years ago
95dc697e3b
Remove Widget.closed attribute
...
Closes gh-5282
12 years ago
7d87978a66
fix a typo introduced by a rebased PR
...
caused heading cells to appear in both rendered and unrendered state
12 years ago
de9b5b907e
Fab CSS
12 years ago
72864cc83c
append Firefox overflow-x fix
12 years ago
3588fe40a9
Merge Security Pull Request: google-caja
...
Adds HTML sanitization.
The basics:
- untrusted HTML is always sanitized, with no warning
(there is console logging for changes made)
- markdown is always treated as untrusted
- no warnings for simply excluded output (e.g. Javascript)
- CSS tags and attributes are always stripped from untrusted HTML
- never check whether HTML is "safe," only sanitize
- add 'Trust notebook' to File menu
12 years ago
54e1558c16
make trust notebook dialog a single paragraph
12 years ago
8cd744db85
mention that Trust triggers reload
12 years ago
9396619f9d
security.js docstrings
12 years ago
4e0a2ee476
Make sure we are in command mode before we select a new cell.
12 years ago
8d38e042df
Merge pull request #5158 from ivanov/fix-5157
...
log refusal to serve hidden directories
12 years ago
d8f2e320f2
trust method docstrings
12 years ago
d5b0026cf1
trust via mark cells and save, rather than trust API request
12 years ago
e7f3c05d28
remove unused get_attr_names
12 years ago
6792d38215
log excluded untrusted output
12 years ago
aaefc5f296
remove warning for stripped output
12 years ago
b5c8a51331
disable trust notebook menu item on trusted notebooks
12 years ago
c9c23cd71c
cleanup test_nbmanager
...
use class setUp / teardown instead of the same context manager in every test
12 years ago
1ae689f30c
Add Trust Notebook to File menu
12 years ago
46665483ed
remove struct-returning sanitize
...
only keep str-str sanitization
12 years ago
d4780c2cfc
remove security.is_safe
12 years ago
d59e44a190
default to allow_css = false
12 years ago
4d35660f3c
sanitize CSS
...
rather than removing it entirely
12 years ago
d7b1e8b45b
test style
12 years ago
5f7f1c51ec
remove unused security warning
12 years ago
c49f04545a
don't use `result.safe` to communicate incomplete information
12 years ago
028ce17c62
fix tagName comparison
12 years ago
a7dc526b2b
testing for sanitize
12 years ago
3897b1c39f
don't populate sanitized.safe by default
...
since it's potentially expensive.
walk nodes in is_safe
12 years ago
6384502e47
sanitize untrusted HTML output
...
rather than checking is_safe
12 years ago
3d0957c7bc
trust latex
...
If mathjax is insecure, we have big problems.
And we already trust mathjax in markdown cells,
so this is consistent.
12 years ago
4b01948200
check trust of data-attributes in sanitization
12 years ago
367b4f85c2
wrap caja.sanitizeAttribs to trust data-* attributes
12 years ago
c298670a4b
use html-sanitizer instead of html-css
...
always scrub css (for now)
12 years ago
eec5d427a4
add cmp_tree, in case caja log can't be trusted
...
(spoiler: it can't)
12 years ago
0da66543a0
move security js test
12 years ago
890c0be1dd
always sanitize markdown
...
don't check if it's safe or not
12 years ago
2a0451fdde
use google-caja for sanitization
12 years ago
07cdb1e195
Adding first round of security tests of is_safe.
12 years ago
3b262912a1
Display safe HTML+SVG even if untrusted, but don't set trusted=1.
12 years ago
31c9e08fa8
Don't render insecure Markdown and show warning.
12 years ago
fa3f998295
Adding security.js with 1st attempt at is_safe.
12 years ago
6f4263dc74
Removing conditionals that are not needed.
12 years ago
6c8cccf9e3
fix test suite
...
is_hidden expects the file to actually exist, so I've rearranged the
logic such that is_hidden is called only after it's clear that the file
exists.
12 years ago
e374ca5ebb
Refactoring Notebook.command_mode.
12 years ago
9c5f9e3a35
Merge pull request #5265 from ellisonbg/timeout-error
...
Missing class def for TimeoutError
12 years ago
c6ddfbd0bf
Merge pull request #5267 from minrk/normalize-paths
...
normalize unicode in notebook API tests
12 years ago
Paul Ivanov
Brian E. Granger
Min RK
Thomas Kluyver
Jonathan Frederic
juhasch