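I am using IPython Notebook markdown to create a document, and it does allow HTML such as <img>, but I added an <object> to include an SVG file and it does not show up in the IPython Notebook output. I double-checked the HTML source of the IPython Notebook, and the IPython Notebook server does not serve the <object> tag. It looks like <iframe> tags get sanitized as well.
When I convert it to an HTML file myself outside of IPython Notebook, it works fine. Is there something I need to do to add <object> and <iframe> to the list of allowed HTML tags?
I found Jupyter's security.js, but I am not sure whether it runs on the server or the client, and I am not sure how to change it.
I also tried File → Trust Notebook, but that did not fix it either.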
Answer 0: (score: 0)
I monkeypatched my local copy of site-packages/notebook/static/notebook/js/main.min.js to have this:
    var sanitize_html = function (html, allow_css) {
        /**
         * sanitize HTML
         * if allow_css is true (default: false), CSS is sanitized as well.
         * otherwise, CSS elements and attributes are simply removed.
         */
        var html4 = caja.html4;
        if (allow_css) {
            // allow sanitization of style tags,
            // not just scrubbing
            html4.ELEMENTS.style &= ~html4.eflags.UNSAFE;
            html4.ATTRIBS.style = html4.atype.STYLE;
        } else {
            // scrub all CSS
            html4.ELEMENTS.style |= html4.eflags.UNSAFE;
            html4.ATTRIBS.style = html4.atype.SCRIPT;
        }
        /* BEGIN NEW CODE */
        // look for a marker span carrying the key inside the HTML being sanitized
        var whitelist_key = html.match(/<span class="whitelist:([0-9A-Za-z-_]+)"\s+\/?>/);
        if (whitelist_key && whitelist_key[1] == /* password goes here */)
        {
            console.log("whitelist ok");
            // stop treating <object> as unsafe and allow its data/type and iframe src attributes
            html4.ELEMENTS.object &= ~html4.eflags.UNSAFE;
            html4.ATTRIBS['iframe::src'] = 0;
            html4.ATTRIBS['object::data'] = 0;
            html4.ATTRIBS['object::type'] = 0;
        }
        /* END NEW CODE */
        // (excerpt ends here; the rest of the function is not shown in the post)
Then I added <span class="whitelist:mypassword" /> to a cell in my notebook.
It works now, and I have opened issue #2614 on GitHub.
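An added example, not part of the answer above or of the Jupyter code base: a Node.js audit that lists the markdown cells of a notebook containing `<object>` or `<iframe>` tags or the `whitelist:` marker span the patch keys on, so notebooks that depend on the patched sanitizer can be identified. It assumes the nbformat v4 JSON layout (`cells`, `cell_type`, `source`); `auditNotebook`, `summarize` and the sample notebook are constructed for illustration.

```javascript
// Added example: audit .ipynb JSON for markup that only renders under a patched sanitizer.
// Assumes nbformat v4: top-level "cells", each with "cell_type" and "source"
// (either one string or an array of line strings).

const TAG_RE = /<\s*(object|iframe)\b/gi;
// Marker span shape used by the patch; matched slightly more loosely (optional
// whitespace before "/>"). The key itself is never captured or reported.
const MARKER_RE = /<span class="whitelist:[0-9A-Za-z_-]+"\s*\/?>/;

function auditNotebook(nb) {
  const findings = [];
  (nb.cells || []).forEach((cell, index) => {
    // Only markdown cells go through the markdown HTML sanitizer path discussed here.
    if (cell.cell_type !== "markdown") return;
    const src = Array.isArray(cell.source) ? cell.source.join("") : String(cell.source || "");
    const tags = new Set();
    for (const m of src.matchAll(TAG_RE)) tags.add(m[1].toLowerCase());
    const marker = MARKER_RE.test(src);
    if (tags.size || marker) {
      findings.push({ cell: index, tags: [...tags].sort(), marker });
    }
  });
  return findings;
}

function summarize(findings) {
  return findings.map(f =>
    `cell ${f.cell}: ${f.tags.join(",") || "-"}${f.marker ? " [whitelist marker]" : ""}`);
}

// Constructed sample notebook (not from the original post).
const sampleNotebook = {
  nbformat: 4,
  cells: [
    { cell_type: "markdown", source: ["# Title\n", "<img src=\"a.png\">\n"] },
    { cell_type: "markdown", source: "<span class=\"whitelist:EXAMPLEKEY\" />\n" +
        "<object data=\"fig.svg\" type=\"image/svg+xml\"></object>" },
    { cell_type: "code", source: "print('<iframe>')" },
    { cell_type: "markdown", source: ["<IFRAME src=\"page.html\"></IFRAME>"] },
  ],
};

console.log(summarize(auditNotebook(sampleNotebook)).join("\n"));
```

To check a real file, pass `JSON.parse(fs.readFileSync(path, "utf8"))` to `auditNotebook`.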