search

jupyter / notebook

Jupyter Interactive Notebook
https://jupyter-notebook.readthedocs.io/
BSD 3-Clause "New" or "Revised" License
11.65k stars 4.91k forks source link

Non-http URL schemes in Markdown cells #189

Open damiendr opened 9 years ago

damiendr commented 9 years ago

I use URLs like these to link to scientific papers in my Papers2 library: papers2://publication/citekey/Polsky:2004jc

In the notebook, the following results in a clickable URL:

%%HTML
<a href="papers2://publication/citekey/Polsky:2004jc">Polsky:2014jc</a>

But in a Markdown cell, this doesn't work (link is underlined but nothing happens when clicked):

[Polsky:2004jc](papers2://publication/citekey/Polsky:2004jc)

Indeed the page source shows it was rendered as <a>Polsky:2004jc</a>. Changing the scheme to http causes a href attribute to appear (not fit for the original purpose obviously).

I tested it in the current version of marked and the link renders properly. Is that a security setting? The notebook is trusted.

minrk commented 9 years ago

This is likely due to the sanitization by caja. We should investigate whether it is doing protocol whitelisting, and if we can disable it.

JamiesHQ commented 7 years ago

@minrk : hi there- do you have any updates on this bug report? Does the bug still exist or can this issue be closed? Thanks!

mpacer commented 7 years ago

How is the current attachment: protocol being handled? Is that a fundamentally different problem since it's related to mimetypes?

gnestor commented 6 years ago

Would it compromise notebook security to allow a elements with any href value? If not, simply adding a ATTRIBS['a::href'] = 0; after this line will do the trick...