You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Quite surprisingly, instead of a HTML string snippet, IPython actually loads a local file or a remote site if anything suitable is found.
fromIPython.core.displayimportdisplay, HTML# This does what I would expectdisplay(HTML("<h1>Hello</h1>"))
# These are quite scarydisplay(HTML("/etc/passwd"))
display(HTML("https://google.com/"))
I found out about this feature when I tried to print text foo and the system hung because I happened to have a special file by that name in the current folder. The relevant code is in IPython/core/display.py:608.
It would be far more secure if there were separate types or kwargs for displaying files and URLs.
The text was updated successfully, but these errors were encountered:
This has been unfortunately baked in fo several years, and as you point out from the source they are differents args/kwarrgs, you can do display(HTML(url="https://google.com/")) and it will force it to be intepreted a URL.
I suppose it isn't possible to specify data by kwarg so that it won't be interpreted as something else? In any case, it might be better to deprecate and eventually move on rather than keep it forever.
Quite surprisingly, instead of a HTML string snippet, IPython actually loads a local file or a remote site if anything suitable is found.
I found out about this feature when I tried to print text
foo
and the system hung because I happened to have a special file by that name in the current folder. The relevant code is inIPython/core/display.py:608
.It would be far more secure if there were separate types or kwargs for displaying files and URLs.
The text was updated successfully, but these errors were encountered: