@jupyter-notebook/help-extension 7.6.0-alpha.4 → 7.6.0-alpha.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/index.js +37 -0
- package/package.json +6 -6
package/lib/index.js
CHANGED
|
@@ -30,6 +30,17 @@ var CommandIDs;
|
|
|
30
30
|
CommandIDs.open = 'help:open';
|
|
31
31
|
CommandIDs.about = 'help:about';
|
|
32
32
|
})(CommandIDs || (CommandIDs = {}));
|
|
33
|
+
// CVE-2026-40171 / GHSA-rch3-82jr-f9w9
|
|
34
|
+
function isUrlSafe(url) {
|
|
35
|
+
try {
|
|
36
|
+
const parsed = new URL(url, window.location.href);
|
|
37
|
+
const protocol = parsed.protocol.toLowerCase();
|
|
38
|
+
return ['http:', 'https:', 'mailto:'].includes(protocol);
|
|
39
|
+
}
|
|
40
|
+
catch (_a) {
|
|
41
|
+
return false;
|
|
42
|
+
}
|
|
43
|
+
}
|
|
33
44
|
/**
|
|
34
45
|
* A plugin to open the about section with resources.
|
|
35
46
|
*/
|
|
@@ -43,8 +54,28 @@ const open = {
|
|
|
43
54
|
label: (args) => args['text'],
|
|
44
55
|
execute: (args) => {
|
|
45
56
|
const url = args['url'];
|
|
57
|
+
if (!isUrlSafe(url)) {
|
|
58
|
+
console.warn(`Blocked unsafe URL: ${url}`);
|
|
59
|
+
return;
|
|
60
|
+
}
|
|
46
61
|
window.open(url);
|
|
47
62
|
},
|
|
63
|
+
describedBy: {
|
|
64
|
+
args: {
|
|
65
|
+
type: 'object',
|
|
66
|
+
properties: {
|
|
67
|
+
text: {
|
|
68
|
+
type: 'string',
|
|
69
|
+
description: 'The label to display for the help resource.',
|
|
70
|
+
},
|
|
71
|
+
url: {
|
|
72
|
+
type: 'string',
|
|
73
|
+
description: 'The URL to open in a new browser tab.',
|
|
74
|
+
},
|
|
75
|
+
},
|
|
76
|
+
required: ['text', 'url'],
|
|
77
|
+
},
|
|
78
|
+
},
|
|
48
79
|
});
|
|
49
80
|
},
|
|
50
81
|
};
|
|
@@ -93,6 +124,12 @@ const about = {
|
|
|
93
124
|
dialog.addClass('jp-AboutNotebook');
|
|
94
125
|
void dialog.launch();
|
|
95
126
|
},
|
|
127
|
+
describedBy: {
|
|
128
|
+
args: {
|
|
129
|
+
type: 'object',
|
|
130
|
+
properties: {},
|
|
131
|
+
},
|
|
132
|
+
},
|
|
96
133
|
});
|
|
97
134
|
if (palette) {
|
|
98
135
|
palette.addItem({ command: CommandIDs.about, category });
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@jupyter-notebook/help-extension",
|
|
3
|
-
"version": "7.6.0-alpha.
|
|
3
|
+
"version": "7.6.0-alpha.5",
|
|
4
4
|
"description": "Jupyter Notebook - Help Extension",
|
|
5
5
|
"homepage": "https://github.com/jupyter/notebook",
|
|
6
6
|
"bugs": {
|
|
@@ -38,11 +38,11 @@
|
|
|
38
38
|
"watch": "tsc -b --watch"
|
|
39
39
|
},
|
|
40
40
|
"dependencies": {
|
|
41
|
-
"@jupyter-notebook/ui-components": "^7.6.0-alpha.
|
|
42
|
-
"@jupyterlab/application": "~4.6.0-alpha.
|
|
43
|
-
"@jupyterlab/apputils": "~4.7.0-alpha.
|
|
44
|
-
"@jupyterlab/mainmenu": "~4.6.0-alpha.
|
|
45
|
-
"@jupyterlab/translation": "~4.6.0-alpha.
|
|
41
|
+
"@jupyter-notebook/ui-components": "^7.6.0-alpha.5",
|
|
42
|
+
"@jupyterlab/application": "~4.6.0-alpha.5",
|
|
43
|
+
"@jupyterlab/apputils": "~4.7.0-alpha.5",
|
|
44
|
+
"@jupyterlab/mainmenu": "~4.6.0-alpha.5",
|
|
45
|
+
"@jupyterlab/translation": "~4.6.0-alpha.5",
|
|
46
46
|
"react": "^18.2.0",
|
|
47
47
|
"react-dom": "^18.2.0"
|
|
48
48
|
},
|