Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Contents of inline html should be parsed? #51

Closed
wants to merge 1 commit into from
Closed

Contents of inline html should be parsed? #51

wants to merge 1 commit into from

Conversation

bollwyvl
Copy link

Turns out the fix of #38 didn't fix the nbviewer downstream issue (jupyter/nbviewer#458). He's using <center>, which is another store, but is expose with more normal tags like <a> as in the test case.

From our point of view, this is a bug as marked (used in the live notebook) will indeed render this as a user expects. If that's not the case here, we'll need to figure out some way to add the behavior, but that is some fearsome regexen there... though the new one is cleaner!

@lepture
Copy link
Owner

lepture commented May 28, 2015

@bollwyvl I've changed the way to handle inline html.

Before this commit: 19a8c39 , it will render text in the inline html. After this commit, it won't: cfda325

@lepture
Copy link
Owner

lepture commented May 29, 2015

@bollwyvl It is changed to not parse anything in inline html.

@lepture
Copy link
Owner

lepture commented Jun 17, 2015

It is intended to be like this.

@lepture lepture closed this Jun 17, 2015
This was referenced Jun 18, 2015
Closed
Closed
@lepture
Copy link
Owner

lepture commented Jun 19, 2015

FYI. I've add an option to change the behavior:

Here is the test case:

https://github.com/lepture/mistune/blob/master/tests/test_cases.py#L119

@bollwyvl
Copy link
Author

Hm, looks like turning on parse_html indeed parses the contents of the tag... but also escapes the wrapping html:
http://nbviewer.ipython.org/gist/anonymous/ce036f4a23a390fc9a20

@lepture
Copy link
Owner

lepture commented Jun 21, 2015

@bollwyvl There is an escape option to control this behavior in block_html and inline_html renderers.

parse_html=True and escape=False can be dangerous, it requires some work to prevent xxs attack.

@bollwyvl
Copy link
Author

Thanks for the reply! There are a lot of moving parts here! I'll see if i
can get to something that makes sense in the context in which I'm trying to
use it, namely nbviewer, which is basically the wild west: whether
nbconvert turns it on by default is another story...

On 21:51, Sat, Jun 20, 2015 Hsiaoming Yang notifications@github.com wrote:

@bollwyvl https://github.com/bollwyvl There is an escape option to
control this behavior in block_html and inline_html renderers.

parse_html=True and escape=False can be dangerous, it requires some work
to prevent xxs attack.


Reply to this email directly or view it on GitHub
#51 (comment).

@lepture
Copy link
Owner

lepture commented Jun 21, 2015

@bollwyvl Maybe you don't need to turn off escape option. It would be better with a custom renderer, and in this renderer, you can strip the script:

def block_html(self, html):
    html = fix_for_xxs(html)
    return html

@lepture lepture mentioned this pull request Jun 27, 2015
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bollwyvl @lepture