代码之家 › 专栏 › 技术社区 › Jason S

IPython notebook markdown--允许的HTML标记列表是什么,如何更改它们?

ipython-notebook jupyter-notebook svg html

Jason S · 技术社区 · 7 年前

<img> <object> 包含SVG文件,但它不会显示在IPython笔记本输出中。我仔细检查了IPython笔记本和 <对象(>); IPython笔记本服务器不提供标签。看起来像 <iframe> 标签也已消毒。

<对象(>); 和 <iframe>

我找到了Jupyter的 security.js 但不确定这是在服务器上还是在客户端上运行,也不确定如何更改它。

1 回复 | 直到 7 年前

Jason S 7 年前

var sanitize_html = function (html, allow_css) {
    /**
     * sanitize HTML
     * if allow_css is true (default: false), CSS is sanitized as well.
     * otherwise, CSS elements and attributes are simply removed.
     */
    var html4 = caja.html4;

    if (allow_css) {
        // allow sanitization of style tags,
        // not just scrubbing
        html4.ELEMENTS.style &= ~html4.eflags.UNSAFE;
        html4.ATTRIBS.style = html4.atype.STYLE;
    } else {
        // scrub all CSS
        html4.ELEMENTS.style |= html4.eflags.UNSAFE;
        html4.ATTRIBS.style = html4.atype.SCRIPT;
    }

    /* BEGIN NEW CODE */
    var whitelist_key = html.match(/<span class="whitelist:([0-9A-Za-z-_]+)"\s+\/?>/)
    if (whitelist_key && whitelist_key[1]== /* password goes here */)
    {
        console.log("whitelist ok");
        html4.ELEMENTS.object &= ~html4.eflags.UNSAFE;
        html4.ATTRIBS['iframe::src'] = 0; 
        html4.ATTRIBS['object::data'] = 0; 
        html4.ATTRIBS['object::type'] = 0; 
    }
    /* END NEW CODE */