New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor notebook templates to use Jinja2 #2363
Conversation
Thanks for working on this! I am still +1 on moving to jinja2 but haven't had the chance to review the code yet. One thing to keep in mind is that we are eventually going to move to a model where each page or web service in the web app has its own subdirectories with its templates, js, CSS and handlers. that is part of the reason I wanted to move to ninja is that it makes that easier. But that will probably be in a later PR. |
Whoops still learning github. I tried re-arranging folders, but I usually ended up with something that seemed less organized than when I started and had lots of duplicates. I'm still figuring out the internals of the tornado/ipython/javascript interplay and how to best organize all that with jinja2. |
Let's save the folder rearranging to a later PR. On Sat, Sep 1, 2012 at 11:06 AM, Cameron Bates notifications@github.comwrote:
Brian E. Granger |
I'll still wait for @ellisonbg full review, but it's ok for me. |
@ellisonbg I have another commit to check the notebook metadata for an alternative notebook.html location. Should this be it's own PR? |
Can you describe a bit more about what you mean? On Tue, Sep 25, 2012 at 1:18 PM, Cameron Bates notifications@github.comwrote:
Brian E. Granger |
The commit is at: c05ad05. It checks for the template metadata object in a notebook when loaded and render the notebook using notebook.html in the provided absolute directory. |
Cameron, Hi, on had a quick look at this and, unless I don't understand what this is
Also, from a philosophical perspective, we need to keep a very long term, But the bigger question is this: why do you want this capability? Maybe One final note about design ideas for the notebook. We want to minimize Note that moving to jinja2 will help us build a more modular code base - On Tue, Sep 25, 2012 at 1:53 PM, Cameron Bates notifications@github.comwrote:
Brian E. Granger |
Good to know. I was just exploring this as an alternative to putting html + javascript in a markdown cell because I am having issues when I accidentally render the markdown cell multiple times. I am running into this when adding javascript timers to markdown cells because there is no way to know the cell is being re-rendered and the old javascript continues to run. |
We are likely going to disallow JavaScript in markdown cells, so I would On Tue, Sep 25, 2012 at 11:07 PM, Cameron Bates notifications@github.comwrote:
Brian E. Granger |
Le 26 sept. 2012 à 21:15, Brian E. Granger a écrit :
I don't think disabling is neither good solution, nor a solution at all. The only reliable way would be : There is no way we wish to go back to 1. or display Js is useless. With 2 js would be restricted in it's div with no way of leaking outside. The timeout would be killed on MD regeneration. I don't know if it is possible, but we could even listen on wether the iframe is trying to access parent window, and make it red with a allow it ? [yes], [No], [What are the risks]."Matthias
|
Matthias, There are multiple layers of vulnerability here: a) A user loading a notebook (but not running anything) and at load As far as (a) is concerned, it should never ever happen. The problem with Solving (b) is both easier and more difficult to solve: It is easier because <B) can only happen as a result of a direct user But, the fact the Js code can be dynamically generated and run in the
Here is my current thinking on the issue.
But I think we need to investigate exactly what the limitations of iframes But, being security, I also worry that I am drastically misunderstanding I don't know if it is possible, but we could even listen on wether the
Brian E. Granger |
From my phone, so sorry if short. I will look at the code again, but i think you missrepresent the difference Display_js does indead eval js which is not reexecuted at load time vs Whatever cell you wish to target you just have to create a script in its As for html5 iframe. By default they disallow js. One can pass a flag to Though, i don't know wether you can selectively give acces to only some js |
Matthias, You raise very good points, replies inline... On Thu, Sep 27, 2012 at 12:46 AM, Bussonnier Matthias <
Brian E. Granger |
@ellisonbg , back on original PR. After i'll like to start introducing bootrap one step at a time, so the sooner everything nbrelated is merged, the better. |
@@ -210,27 +213,29 @@ class ProjectDashboardHandler(AuthenticatedHandler): | |||
def get(self): | |||
nbm = self.application.notebook_manager | |||
project = nbm.notebook_dir | |||
self.render( | |||
'projectdashboard.html', project=project, | |||
env = Environment(loader=FileSystemLoader(os.path.join(os.path.dirname(__file__), "templates"))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There should only be one env
instance that is created by the application object and used by the different handlers.
Pinging the status of this one. the 2 point to fix are : static_url macro discussion, which is fine for me if the |
This does not merge cleanly anymore. |
Sorry, been really busy since Sept. I'll pull from head and look into what needs to be done sometime this week. |
Thanks that would be great, I don't think it should be too much work. |
This one has been rebase and merge cleanly again ! Yay !
+1 for merging, Reserve on |
OK, I will do a final review and then we can merge this. |
|
||
|
||
@property | ||
def environment(self): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But wait, unless I am misunderstanding something, I think this property has the same problems as before:
- Each handler instance will have its own Environment.
- That environment is recreated everytime the property is accessed.
I think the environment creation logic needs to be moved to the Notebook Application object, and the handlers would then access it as self.application.jinja2_env
. Does this make sense? I want to make sure that one and only one of these environments is created per notebook process.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ellisonbg yeah I didn't have that good of an understanding of how the whole tornado notebook web application + handlers worked, I think the new commit is the solution you were looking for.
self.render( | ||
'projectdashboard.html', project=project, | ||
project = nbm.notebook_dir | ||
nb = self.application.jinja2_env.get_template('projectdashboard.html') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the various handlers when you grab the template, you call the variable nb
as in "notebook", but the templates are most often for non-notebook pages. Can you rename these local variables to t
or temp
or template
to not confuse future devs.
@crbates Yes, this is it exactly. There is just one more change (super minor) that I just commented on and then we can merge. Great work! |
Perfect last comment has been fixed, I'm going to merge this ! |
Refactor notebook templates to use Jinja2
Looks like login.html needs to be updated as well. I'm getting an error about closing with end instead of endblock. Mysteriously, it works fine on a different computer with the same version of ipython. The only difference is that in one version I use an encrypted version of the notebook and in the other it's not encrypted. |
@Carreau, do you think you can fix this one? On Mon, Dec 17, 2012 at 12:18 PM, Phillip Cloud notifications@github.comwrote:
Brian E. Granger |
So I've narrowed it down to something with the encryption. I can use the notebook over an unencrypted connection but not over an encrypted connection. Don't have time right now to fully debug. |
Yeah just fixed and tested password protected/encrypted notebooks. see #2699 |
Refactor notebook templates to use Jinja2
This is a new version of PR #2354 (squashing commits and then pushing made github very angry) that closes the first part of #1585