The top buttons of feedback are not stable

[brichet]

When navigating into a feedback document, there is a Top button on each cell, to go to the top of the document.

The HTML needs to be trusted to display Mathjax correctly (up-left button of the document). When the HTML is trusted, it seems the Top buttons do not work anymore, and require a token to carry on.

Clicking again on the trust button fix it.

Operating system

Ubuntu 22.04

nbgrader --version

0.9.1

jupyter --version

jupyterlab 4.0.5 notebook 7.0.3

Expected behavior

Navigate to the top of the document when clicking on top button.

[jeflem]

TOC links (that is, 'down') also do not work. Immediately after opening the HTML file browser console shows

Blocked script execution in 'blob:https://my-domain.com/4ecdde7e-8a8a-4017-8830-4349fa87e291' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

After clicking a TOC link or 'top' the console shows

Refused to frame 'https://my-domain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

This might be related to #1870 or at least a similar solution could work. Haven't tried yet.

[jeflem]

Turns out that my link problem in feedback files is a more general problem with links in HTML files if JupyterLab is running on a JupyterHub. Even simple HTML files fail:

<html>
    <head>
        <title>Test</title>
    </head>
    <body>
        <a href="#test">Test</a>
        <h1 id="test">Test</h1>
    </body>
</html>

Clicking the link yields console messages described in my previous post (with and without trusting HTML).