MinRK
|
8cd744db85
|
mention that Trust triggers reload
|
12 years ago |
|
MinRK
|
9396619f9d
|
security.js docstrings
|
12 years ago |
|
MinRK
|
d8f2e320f2
|
trust method docstrings
|
12 years ago |
|
MinRK
|
d5b0026cf1
|
trust via mark cells and save, rather than trust API request
|
12 years ago |
|
MinRK
|
e7f3c05d28
|
remove unused get_attr_names
|
12 years ago |
|
MinRK
|
6792d38215
|
log excluded untrusted output
|
12 years ago |
|
MinRK
|
aaefc5f296
|
remove warning for stripped output
|
12 years ago |
|
MinRK
|
b5c8a51331
|
disable trust notebook menu item on trusted notebooks
|
12 years ago |
|
MinRK
|
c9c23cd71c
|
cleanup test_nbmanager
use class setUp / teardown instead of the same context manager in every test
|
12 years ago |
|
MinRK
|
1ae689f30c
|
Add Trust Notebook to File menu
|
12 years ago |
|
MinRK
|
46665483ed
|
remove struct-returning sanitize
only keep str-str sanitization
|
12 years ago |
|
MinRK
|
d4780c2cfc
|
remove security.is_safe
|
12 years ago |
|
MinRK
|
d59e44a190
|
default to allow_css = false
|
12 years ago |
|
MinRK
|
4d35660f3c
|
sanitize CSS
rather than removing it entirely
|
12 years ago |
|
MinRK
|
d7b1e8b45b
|
test style
|
12 years ago |
|
MinRK
|
5f7f1c51ec
|
remove unused security warning
|
12 years ago |
|
MinRK
|
c49f04545a
|
don't use `result.safe` to communicate incomplete information
|
12 years ago |
|
MinRK
|
028ce17c62
|
fix tagName comparison
|
12 years ago |
|
MinRK
|
a7dc526b2b
|
testing for sanitize
|
12 years ago |
|
MinRK
|
3897b1c39f
|
don't populate sanitized.safe by default
since it's potentially expensive.
walk nodes in is_safe
|
12 years ago |
|
MinRK
|
6384502e47
|
sanitize untrusted HTML output
rather than checking is_safe
|
12 years ago |
|
MinRK
|
3d0957c7bc
|
trust latex
If mathjax is insecure, we have big problems.
And we already trust mathjax in markdown cells,
so this is consistent.
|
12 years ago |
|
MinRK
|
4b01948200
|
check trust of data-attributes in sanitization
|
12 years ago |
|
MinRK
|
367b4f85c2
|
wrap caja.sanitizeAttribs to trust data-* attributes
|
12 years ago |
|
MinRK
|
c298670a4b
|
use html-sanitizer instead of html-css
always scrub css (for now)
|
12 years ago |
|
MinRK
|
eec5d427a4
|
add cmp_tree, in case caja log can't be trusted
(spoiler: it can't)
|
12 years ago |
|
MinRK
|
0da66543a0
|
move security js test
|
12 years ago |
|
MinRK
|
890c0be1dd
|
always sanitize markdown
don't check if it's safe or not
|
12 years ago |
|
MinRK
|
2a0451fdde
|
use google-caja for sanitization
|
12 years ago |
Brian E. Granger
|
07cdb1e195
|
Adding first round of security tests of is_safe.
|
12 years ago |
|
Brian E. Granger
|
3b262912a1
|
Display safe HTML+SVG even if untrusted, but don't set trusted=1.
|
12 years ago |
|
Brian E. Granger
|
31c9e08fa8
|
Don't render insecure Markdown and show warning.
|
12 years ago |
|
Brian E. Granger
|
fa3f998295
|
Adding security.js with 1st attempt at is_safe.
|
12 years ago |
Thomas Kluyver
|
9c5f9e3a35
|
Merge pull request #5265 from ellisonbg/timeout-error
Missing class def for TimeoutError
|
12 years ago |
|
Brian E. Granger
|
c6ddfbd0bf
|
Merge pull request #5267 from minrk/normalize-paths
normalize unicode in notebook API tests
|
12 years ago |
|
Brian E. Granger
|
b1c87debde
|
Adding comment about this fix.
|
12 years ago |
|
MinRK
|
052955a84a
|
normalize unicode in notebook API tests
was failing comparison on OS X
|
12 years ago |
|
Brian E. Granger
|
dd55efc45d
|
Missing class def for TimeoutError.
|
12 years ago |
|
Brian E. Granger
|
92967c0baf
|
Addressing things in completer.js.
|
12 years ago |
|
Brian E. Granger
|
af7dd15181
|
Removing old keyboard handling from IPython.utils.
|
12 years ago |
|
Brian E. Granger
|
929f5bc8ea
|
Fixing references to IPython.keycodes.
|
12 years ago |
|
Brian E. Granger
|
c76ab1d836
|
Adding basic tests for keyboard.js
|
12 years ago |
|
Brian E. Granger
|
ec6ea72873
|
Adding utility functions.
|
12 years ago |
|
Brian E. Granger
|
ff1492f8c9
|
Creating new base/js/keyboard.js
|
12 years ago |
Jonathan Frederic
|
ede116bee7
|
Get cell after first conditional
|
12 years ago |
|
Jonathan Frederic
|
479bc6b37a
|
Check down too.
|
12 years ago |
|
Jonathan Frederic
|
bebe51c158
|
Don't allow edit mode up arrow to continue past index == 0
|
12 years ago |
|
Brian E. Granger
|
8c5b32c987
|
Merge pull request #5223 from minrk/tiny-images
use on-load event to trigger resizable images
|
12 years ago |
|
Min RK
|
fa6bbe66f3
|
Merge pull request #5153 from takluyver/dashboard-sorting
Dashboard sorting
closes #5151
closes #5152
|
12 years ago |
Matthias BUSSONNIER
|
a01c112b0f
|
allow custom headers on all pages
|
12 years ago |
