Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow linear-gradient in background-image html styling within Markdown cells #12093

Closed
gutow opened this issue Feb 19, 2022 · 4 comments · Fixed by #12276
Closed

allow linear-gradient in background-image html styling within Markdown cells #12093

gutow opened this issue Feb 19, 2022 · 4 comments · Fixed by #12276
Labels
bug pkg:apputils

Comments

@gutow
Copy link

gutow commented Feb 19, 2022
edited

Description

Styling such as style="background-image:linear-gradient(green,blue);" within the styling of div or other element specified within a markdown cell is not rendered. Plain background images are rendered.

Unless there is a security issue I am unaware of, I think gradient styling should be allowed.

Reproduce

Enter the following in a markdown cell and run it to render:

<div style = "height: 20px; width:100%; background-image:linear-gradient(green,blue);"></div>
<div style = "height: 20px; width:100%; background-color:blue;"></div>

The first will not be shown, but the second will.

Expected behavior

The expected behavior is that the gradient will be rendered.

Context

  • Operating System and version: all
  • Browser and version: at least Chrome and Firefox
  • JupyterLab version: 3.1.1 (latest I could get to launch in Binder from the repositories).
@gutow gutow added the bug label Feb 19, 2022
@welcome
Copy link

welcome bot commented Feb 19, 2022

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗

If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively.
welcome
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! 👋

Welcome to the Jupyter community! 🎉

@jupyterlab-probot jupyterlab-probot bot added the status:Needs Triage Applied to new issues that need triage label Feb 19, 2022
@fcollonval fcollonval added tag:Extension Idea Ideas for interesting extensions that live outside of JupyterLab core. and removed status:Needs Triage Applied to new issues that need triage labels Feb 23, 2022
@fcollonval
Copy link
Member

The sanitizer forbids the usage of background-image as it could bring external file through url definition. A way around would be to define an extension that overrides the ISanitizer token by providing a custom sanitizer.

@fcollonval fcollonval added status:Answered The issue has been answered by a community member. and removed bug labels Feb 23, 2022
@fcollonval fcollonval mentioned this issue Feb 23, 2022
Closed
@krassowski krassowski added bug and removed tag:Extension Idea Ideas for interesting extensions that live outside of JupyterLab core. status:Answered The issue has been answered by a community member. labels Feb 23, 2022
@krassowski
Copy link
Member

krassowski commented Feb 23, 2022
edited

@fcollonval i don't believe this is the case. Sanitizer does allow background-image. It only does not know that linear-gradient is a valid property because the allowlist was not updated in a long time:

jupyterlab/packages/apputils/src/sanitizer.ts

Line 247 in 047fbe7

background_image: `${CssProp.C.bg_image}(,\\s*${CssProp.C.bg_image})*`,

jupyterlab/packages/apputils/src/sanitizer.ts

Line 117 in 047fbe7

bg_image: `(${CssProp.B.url}|${CssProp._C1.image_list})|none`,

For context:

jupyterlab/packages/apputils/src/sanitizer.ts

Lines 14 to 15 in 047fbe7

* The regular expressions are largly based on the syntax definition found at
* https://developer.mozilla.org/en-US/docs/Web/CSS.

See additional discussion in jupyter/notebook#6270 (comment)

@fcollonval
Copy link
Member

Thanks for the detailed information @krassowski
This is then a valid bug.

@krassowski krassowski mentioned this issue Mar 25, 2022
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 31, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug pkg:apputils
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow linear and radial gradient krassowski/jupyterlab
3 participants
@gutow @krassowski @fcollonval