From a03cbb8a8d04d47aefec51e7b1b816045682aed5 Mon Sep 17 00:00:00 2001 From: martinRenou Date: Thu, 28 Jul 2022 14:27:38 +0200 Subject: [PATCH] GHSL-2021-1026, GHSL-2021-1025 Also removing the block data_widget_state which is never used (leftover from an old implementation), making GHSL-2021-1025 irrelevant --- .../tests/files/notebook_inject.ipynb | 21 +++++++++++++++++-- nbconvert/exporters/tests/test_html.py | 3 +++ .../nbconvert/templates/classic/base.html.j2 | 16 +------------- .../nbconvert/templates/lab/base.html.j2 | 16 +------------- 4 files changed, 24 insertions(+), 32 deletions(-) diff --git a/nbconvert/exporters/tests/files/notebook_inject.ipynb b/nbconvert/exporters/tests/files/notebook_inject.ipynb index bfd2163cd..fd5e94bba 100644 --- a/nbconvert/exporters/tests/files/notebook_inject.ipynb +++ b/nbconvert/exporters/tests/files/notebook_inject.ipynb @@ -159,7 +159,7 @@ { "cell_type": "code", "execution_count": null, - "id": "d72e635a", + "id": "ae4f574d", "metadata": {}, "outputs": [ { @@ -174,6 +174,23 @@ } ], "source": [""] + }, + { + "cell_type": "code", + "execution_count": null, + "id": "w72e635a", + "metadata": {}, + "outputs": [ + { + "output_type": "execute_result", + "data": { + "application/vnd.jupyter.widget-view+json": {"model_id": "wid1", "foo": "\"" not in output assert "" not in output + + # Check injection in widget view + assert " - - -{%- endblock data_widget_state -%} - {%- block data_widget_view scoped %} {% set div_id = uuid4() %} {% set datatype_list = output.data | filter_data_type %} @@ -264,7 +250,7 @@ var element = $('#{{ div_id }}'); var element = $('#{{ div_id }}'); {%- endblock data_widget_view -%} diff --git a/share/jupyter/nbconvert/templates/lab/base.html.j2 b/share/jupyter/nbconvert/templates/lab/base.html.j2 index 0180bbac0..ea56cda9e 100644 --- a/share/jupyter/nbconvert/templates/lab/base.html.j2 +++ b/share/jupyter/nbconvert/templates/lab/base.html.j2 @@ -273,20 +273,6 @@ var element = document.getElementById('{{ div_id }}'); {%- endblock -%} -{%- block data_widget_state scoped %} -{% set div_id = uuid4() %} -{% set datatype_list = output.data | filter_data_type %} -{% set datatype = datatype_list[0]%} -
- - -
-{%- endblock data_widget_state -%} - {%- block data_widget_view scoped %} {% set div_id = uuid4() %} {% set datatype_list = output.data | filter_data_type %} @@ -296,7 +282,7 @@ var element = document.getElementById('{{ div_id }}'); var element = document.getElementById('{{ div_id }}'); {%- endblock data_widget_view -%}