[IPython-dev] "Freezing" dynamic content with nbconvert, was ANN: Exhibitionist

yoval p. y-p at gmx.com
Thu Mar 7 11:48:51 EST 2013


Hi,

I've been giving Matthias's comment some thought re nbviewer support
for javascript views, and also considered the intention of disabling javascript
due to security concerns.

Here is a solution to both issues that I'd like to suggest:

There's a need to separate static HTML from HTML bearing
javascript which might only be renderable dynamically, call it dynamic HTML.

My suggestion is that the display protocol be modified so that the semantics of
`_repr_html_` would mean static HTML only, and a new `_repr_jshtml_` (however named)
magic method would be supported, under which objects would implement
dynamic views.

This provides the following benefits:
- Objects can provide HTML representation of themselves suiting
  the environment they are in. It's the front end that chooses the
  representation it supports. So there will be no further need to sniff
  qtconsole vs. IPNB via `get_ipython().config`.
  In particular, nbviewer could leverage this to allow even dynamic views
  to gracefully degrade in order to cooperate.
- For security reasons, the use of the `_repr_jshtml_` view by IPython would be behind
  an opt-in mechanism, and the static `_repr_html_` would be sanitized/sandboxed.

The IPython.core.display functions could be extended accordingly to
obey the currently active security policy.

Thoughts?

Yoval

Matthias BUSSONNIER wrote:
> Hi y-p !
>
> Looks really nice !
>
> Did not have time to look into the source right now, but I definitely will.
> Do you think the data exchanged with the kernel in some cases could be stored either in the metadata of cells,
> or in the JSON representation of displayed object ?
>
> If we do this and by carefully crafting the "js plugin" they could be loaded by nbviewer and read some data in the dom injected.
> Which would allow a limited interactivity on nbviewer.
>
> Do you rely on display_javascript for the initial loading of javascript ? or inject <script> tag in a display HTML
> If you do , this can be problematic in the future.
>
> --
> Matthias
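
The proposal in the message above, sketched as an added example (not code from the original post or from IPython): a front end that uses the dynamic view only on explicit opt-in and otherwise sanitizes `_repr_html_`. `render`, `sanitize`, `allow_dynamic`, the allowlists and the `Chart` class are assumptions made for illustration, and `_repr_jshtml_` is the post's proposed name, not an existing IPython hook.

```python
from html import escape
from html.parser import HTMLParser

# Assumed, deliberately small allowlist for illustration; not a production sanitizer.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "div", "span", "table", "tr", "td", "th"}
ALLOWED_ATTRS = {"class"}
DROP_CONTENT = {"script", "style"}  # element bodies that must not survive as text

class _AllowlistSanitizer(HTMLParser):
    """Re-emit only allowlisted tags and attributes; text is escaped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self._skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self._skip += 1
        elif tag in ALLOWED_TAGS and not self._skip:
            kept = "".join(f' {k}="{escape(v or "")}"' for k, v in attrs if k in ALLOWED_ATTRS)
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self._skip = max(0, self._skip - 1)
        elif tag in ALLOWED_TAGS and not self._skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data))

def sanitize(html):
    parser = _AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

def render(obj, allow_dynamic=False):
    """The front end chooses the representation; dynamic HTML needs opt-in."""
    if allow_dynamic and hasattr(obj, "_repr_jshtml_"):
        return "dynamic", obj._repr_jshtml_()
    if hasattr(obj, "_repr_html_"):
        return "static", sanitize(obj._repr_html_())
    return "text", escape(repr(obj))

class Chart:  # constructed sample object offering both views
    def _repr_html_(self):
        return '<div class="chart" onclick="go()"><b>3 points</b><script>go()</script></div>'
    def _repr_jshtml_(self):
        return '<div id="chart"></div><script>draw("chart")</script>'
```

With the default policy, `render(Chart())` returns the static view with the `onclick` attribute and the `<script>` element removed; the script-bearing view is returned only when `allow_dynamic=True`.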

