@jupyterlab/htmlviewer 4.0.4 → 4.0.6

package/lib/widget.d.ts

@@ -47,7 +47,7 @@ export declare class HTMLViewer extends DocumentWidget<IFrame> implements IDocum
      * Set a <base> element in the HTML string so that the iframe
      * can correctly dereference relative links.
      */
-    private _setBase;
+    private _setupDocument;
     protected translator: ITranslator;
     private _renderPending;
     private _parser;

package/lib/widget.js

@@ -16,6 +16,35 @@ const RENDER_TIMEOUT = 1000;
  * The CSS class to add to the HTMLViewer Widget.
  */
 const CSS_CLASS = 'jp-HTMLViewer';
+const UNTRUSTED_LINK_STYLE = (options) => `<style>
+a[target="_blank"],
+area[target="_blank"],
+form[target="_blank"],
+button[formtarget="_blank"],
+input[formtarget="_blank"][type="image"],
+input[formtarget="_blank"][type="submit"] {
+  cursor: not-allowed !important;
+}
+a[target="_blank"]:hover::after,
+area[target="_blank"]:hover::after,
+form[target="_blank"]:hover::after,
+button[formtarget="_blank"]:hover::after,
+input[formtarget="_blank"][type="image"]:hover::after,
+input[formtarget="_blank"][type="submit"]:hover::after {
+  content: "${options.warning}";
+  box-sizing: border-box;
+  position: fixed;
+  top: 0;
+  left: 0;
+  width: 100%;
+  z-index: 1000;
+  border: 2px solid #e65100;
+  background-color: #ffb74d;
+  color: black;
+  font-family: system-ui, -apple-system, blinkmacsystemfont, 'Segoe UI', helvetica, arial, sans-serif;
+  text-align: center;
+}
+</style>`;
 /**
  * A viewer widget for HTML documents.
  *
@@ -72,8 +101,7 @@ export class HTMLViewer extends DocumentWidget {
         else {
             this.content.sandbox = Private.untrusted;
         }
-        // eslint-disable-next-line
-        this.content.url = this.content.url; // Force a refresh.
+        this.update(); // Force a refresh.
         this._trustedChanged.emit(value);
     }
     /**
@@ -111,7 +139,7 @@ export class HTMLViewer extends DocumentWidget {
      */
     async _renderModel() {
         let data = this.context.model.toString();
-        data = await this._setBase(data);
+        data = await this._setupDocument(data);
         // Set the new iframe url.
         const blob = new Blob([data], { type: 'text/html' });
         const oldUrl = this._objectUrl;
@@ -132,7 +160,7 @@ export class HTMLViewer extends DocumentWidget {
      * Set a <base> element in the HTML string so that the iframe
      * can correctly dereference relative links.
      */
-    async _setBase(data) {
+    async _setupDocument(data) {
         const doc = this._parser.parseFromString(data, 'text/html');
         let base = doc.querySelector('base');
         if (!base) {
@@ -147,6 +175,12 @@ export class HTMLViewer extends DocumentWidget {
         // (e.g. CSS and scripts).
         base.href = baseUrl;
         base.target = '_self';
+        // Inject dynamic style for links if the document is not trusted
+        if (!this.trusted) {
+            const trans = this.translator.load('jupyterlab');
+            const warning = trans.__('Action disabled as the file is not trusted.');
+            doc.body.insertAdjacentHTML('beforeend', UNTRUSTED_LINK_STYLE({ warning }));
+        }
         return doc.documentElement.innerHTML;
     }
 }
@@ -228,7 +262,10 @@ var Private;
     /**
      * Sandbox exceptions for trusted HTML.
      */
-    Private.trusted = ['allow-scripts'];
+    Private.trusted = [
+        'allow-scripts',
+        'allow-popups'
+    ];
     /**
      * React component for a trusted button.
      *
@@ -238,7 +275,7 @@ var Private;
         const translator = props.translator || nullTranslator;
         const trans = translator.load('jupyterlab');
         return (React.createElement(UseSignal, { signal: props.htmlDocument.trustedChanged, initialSender: props.htmlDocument }, () => (React.createElement(ToolbarButtonComponent, { className: "", onClick: () => (props.htmlDocument.trusted = !props.htmlDocument.trusted), tooltip: trans.__(`Whether the HTML file is trusted.
-Trusting the file allows scripts to run in it,
+Trusting the file allows opening pop-ups and running scripts
 which may result in security risks.
 Only enable for files you trust.`), label: props.htmlDocument.trusted
                 ? trans.__('Distrust HTML')

package/lib/widget.js.map

@@ -1 +1 @@
-{"version":3,"file":"widget.js","sourceRoot":"","sources":["../src/widget.tsx"],"names":[],"mappings":"AAAA;;;+EAG+E;AAE/E,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,gBAAgB,EAEhB,cAAc,EAEf,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAe,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EACL,MAAM,EACN,WAAW,EACX,WAAW,EACX,aAAa,EACb,sBAAsB,EACtB,SAAS,EACV,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAW,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B;;GAEG;AACH,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B;;GAEG;AACH,MAAM,SAAS,GAAG,eAAe,CAAC;AAElC;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,UACX,SAAQ,cAAsB;IAG9B;;OAEG;IACH,YAAY,OAA+C;QACzD,KAAK,CAAC;YACJ,GAAG,OAAO;YACV,OAAO,EAAE,IAAI,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,EAAE,CAAC;SACxD,CAAC,CAAC;QAoHG,mBAAc,GAAG,KAAK,CAAC;QACvB,YAAO,GAAG,IAAI,SAAS,EAAE,CAAC;QAC1B,aAAQ,GACd,IAAI,CAAC;QACC,eAAU,GAAW,EAAE,CAAC;QACxB,oBAAe,GAAG,IAAI,MAAM,CAAgB,IAAI,CAAC,CAAC;QAxHxD,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,cAAc,CAAC;QACvD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAEjC,KAAK,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;YAChC,IAAI,CAAC,MAAM,EAAE,CAAC;YACd,6CAA6C;YAC7C,IAAI,CAAC,QAAQ,GAAG,IAAI,eAAe,CAAC;gBAClC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc;gBACzC,OAAO,EAAE,cAAc;aACxB,CAAC,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,OAAO,CAAC,KAAc;QACxB,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,EAAE;YAC1B,OAAO;SACR;QACD,IAAI,KAAK,EAAE;YACT,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;SACxC;aAAM;YACL,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC;SAC1C;QACD,2BAA2B;QAC3B,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,mBAAmB;QACxD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,UAAU,EAAE;YACnB,IAAI;gBACF,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;aACtC;YAAC,OAAO,KAAK,EAAE;gBACd,WAAW;aACZ;SACF;QACD,KAAK,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC;IAED;;OAEG;IACO,eAAe;QACvB,IAAI,IAAI,CAAC,cAAc,EAAE;YACvB,OAAO;SACR;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC3B,KAAK,IAAI,CAAC,YAAY,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY;QACxB,IAAI,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACzC,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEjC,0BAA0B;QAC1B,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC;QAEnC,gDAAgD;QAChD,IAAI,MAAM,EAAE;YACV,IAAI;gBACF,GAAG,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;aAC7B;YAAC,OAAO,KAAK,EAAE;gBACd,WAAW;aACZ;SACF;QACD,OAAO;IACT,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,QAAQ,CAAC,IAAY;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAC5D,IAAI,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI,EAAE;YACT,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YACjC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SAClD;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAEpE,0DAA0D;QAC1D,yDAAyD;QACzD,8DAA8D;QAC9D,0BAA0B;QAC1B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC;QACpB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC;QACtB,OAAO,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC;IACvC,CAAC;CASF;AAED;;GAEG;AACH,MAAM,OAAO,iBAAkB,SAAQ,gBAA4B;IACjE;;OAEG;IACO,eAAe,CAAC,OAAiC;QACzD,OAAO,IAAI,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACO,qBAAqB,CAC7B,MAAkB;QAElB,OAAO;YACL,yCAAyC;YACzC;gBACE,IAAI,EAAE,SAAS;gBACf,MAAM,EAAE,YAAY,CAAC,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC;aAClE;YACD,uCAAuC;YACvC;gBACE,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,YAAY,CAAC,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC;aAChE;SACF,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,KAAW,YAAY,CA0C5B;AA1CD,WAAiB,YAAY;IAC3B;;;;;;OAMG;IACH,SAAgB,mBAAmB,CACjC,MAAkB,EAClB,UAAwB;QAExB,MAAM,KAAK,GAAG,CAAC,UAAU,aAAV,UAAU,cAAV,UAAU,GAAI,cAAc,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAChE,OAAO,IAAI,aAAa,CAAC;YACvB,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,KAAK,IAAI,EAAE;gBAClB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;oBAC/B,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBAC9B,MAAM,CAAC,MAAM,EAAE,CAAC;iBACjB;YACH,CAAC;YACD,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,wBAAwB,CAAC;SAC5C,CAAC,CAAC;IACL,CAAC;IAfe,gCAAmB,sBAelC,CAAA;IACD;;;;;;OAMG;IACH,SAAgB,iBAAiB,CAC/B,QAAoB,EACpB,UAAuB;QAEvB,OAAO,WAAW,CAAC,MAAM,CACvB,oBAAC,OAAO,CAAC,oBAAoB,IAC3B,YAAY,EAAE,QAAQ,EACtB,UAAU,EAAE,UAAU,GACtB,CACH,CAAC;IACJ,CAAC;IAVe,8BAAiB,oBAUhC,CAAA;AACH,CAAC,EA1CgB,YAAY,KAAZ,YAAY,QA0C5B;AAED;;GAEG;AACH,IAAU,OAAO,CA+DhB;AA/DD,WAAU,OAAO;IACf;;OAEG;IACU,iBAAS,GAA+B,EAAE,CAAC;IAExD;;OAEG;IACU,eAAO,GAA+B,CAAC,eAAe,CAAC,CAAC;IAmBrE;;;;OAIG;IACH,SAAgB,oBAAoB,CAClC,KAAkC;QAElC,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,cAAc,CAAC;QACtD,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC5C,OAAO,CACL,oBAAC,SAAS,IACR,MAAM,EAAE,KAAK,CAAC,YAAY,CAAC,cAAc,EACzC,aAAa,EAAE,KAAK,CAAC,YAAY,IAEhC,GAAG,EAAE,CAAC,CACL,oBAAC,sBAAsB,IACrB,SAAS,EAAC,EAAE,EACZ,OAAO,EAAE,GAAG,EAAE,CACZ,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,EAE5D,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;;;iCAGG,CAAC,EACtB,KAAK,EACH,KAAK,CAAC,YAAY,CAAC,OAAO;gBACxB,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,eAAe,CAAC;gBAC3B,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,GAE5B,CACH,CACS,CACb,CAAC;IACJ,CAAC;IA7Be,4BAAoB,uBA6BnC,CAAA;AACH,CAAC,EA/DS,OAAO,KAAP,OAAO,QA+DhB"}
+{"version":3,"file":"widget.js","sourceRoot":"","sources":["../src/widget.tsx"],"names":[],"mappings":"AAAA;;;+EAG+E;AAE/E,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,gBAAgB,EAEhB,cAAc,EAEf,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAe,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EACL,MAAM,EACN,WAAW,EACX,WAAW,EACX,aAAa,EACb,sBAAsB,EACtB,SAAS,EACV,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAW,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B;;GAEG;AACH,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B;;GAEG;AACH,MAAM,SAAS,GAAG,eAAe,CAAC;AAElC,MAAM,oBAAoB,GAAG,CAAC,OAA4B,EAAE,EAAE,CAAC;;;;;;;;;;;;;;;cAejD,OAAO,CAAC,OAAO;;;;;;;;;;;;;SAapB,CAAC;AAEV;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,UACX,SAAQ,cAAsB;IAG9B;;OAEG;IACH,YAAY,OAA+C;QACzD,KAAK,CAAC;YACJ,GAAG,OAAO;YACV,OAAO,EAAE,IAAI,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,EAAE,CAAC;SACxD,CAAC,CAAC;QA6HG,mBAAc,GAAG,KAAK,CAAC;QACvB,YAAO,GAAG,IAAI,SAAS,EAAE,CAAC;QAC1B,aAAQ,GACd,IAAI,CAAC;QACC,eAAU,GAAW,EAAE,CAAC;QACxB,oBAAe,GAAG,IAAI,MAAM,CAAgB,IAAI,CAAC,CAAC;QAjIxD,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,cAAc,CAAC;QACvD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAEjC,KAAK,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;YAChC,IAAI,CAAC,MAAM,EAAE,CAAC;YACd,6CAA6C;YAC7C,IAAI,CAAC,QAAQ,GAAG,IAAI,eAAe,CAAC;gBAClC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc;gBACzC,OAAO,EAAE,cAAc;aACxB,CAAC,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,OAAO,CAAC,KAAc;QACxB,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,EAAE;YAC1B,OAAO;SACR;QACD,IAAI,KAAK,EAAE;YACT,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;SACxC;aAAM;YACL,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC;SAC1C;QACD,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,mBAAmB;QAClC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,UAAU,EAAE;YACnB,IAAI;gBACF,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;aACtC;YAAC,OAAO,KAAK,EAAE;gBACd,WAAW;aACZ;SACF;QACD,KAAK,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC;IAED;;OAEG;IACO,eAAe;QACvB,IAAI,IAAI,CAAC,cAAc,EAAE;YACvB,OAAO;SACR;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC3B,KAAK,IAAI,CAAC,YAAY,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY;QACxB,IAAI,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACzC,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAEvC,0BAA0B;QAC1B,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC;QAEnC,gDAAgD;QAChD,IAAI,MAAM,EAAE;YACV,IAAI;gBACF,GAAG,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;aAC7B;YAAC,OAAO,KAAK,EAAE;gBACd,WAAW;aACZ;SACF;QACD,OAAO;IACT,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc,CAAC,IAAY;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAC5D,IAAI,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI,EAAE;YACT,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YACjC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SAClD;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAEpE,0DAA0D;QAC1D,yDAAyD;QACzD,8DAA8D;QAC9D,0BAA0B;QAC1B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC;QACpB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC;QAEtB,gEAAgE;QAChE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YACjB,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACjD,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,6CAA6C,CAAC,CAAC;YACxE,GAAG,CAAC,IAAI,CAAC,kBAAkB,CACzB,WAAW,EACX,oBAAoB,CAAC,EAAE,OAAO,EAAE,CAAC,CAClC,CAAC;SACH;QACD,OAAO,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC;IACvC,CAAC;CASF;AAED;;GAEG;AACH,MAAM,OAAO,iBAAkB,SAAQ,gBAA4B;IACjE;;OAEG;IACO,eAAe,CAAC,OAAiC;QACzD,OAAO,IAAI,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACO,qBAAqB,CAC7B,MAAkB;QAElB,OAAO;YACL,yCAAyC;YACzC;gBACE,IAAI,EAAE,SAAS;gBACf,MAAM,EAAE,YAAY,CAAC,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC;aAClE;YACD,uCAAuC;YACvC;gBACE,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,YAAY,CAAC,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC;aAChE;SACF,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,KAAW,YAAY,CA0C5B;AA1CD,WAAiB,YAAY;IAC3B;;;;;;OAMG;IACH,SAAgB,mBAAmB,CACjC,MAAkB,EAClB,UAAwB;QAExB,MAAM,KAAK,GAAG,CAAC,UAAU,aAAV,UAAU,cAAV,UAAU,GAAI,cAAc,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAChE,OAAO,IAAI,aAAa,CAAC;YACvB,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,KAAK,IAAI,EAAE;gBAClB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;oBAC/B,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBAC9B,MAAM,CAAC,MAAM,EAAE,CAAC;iBACjB;YACH,CAAC;YACD,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,wBAAwB,CAAC;SAC5C,CAAC,CAAC;IACL,CAAC;IAfe,gCAAmB,sBAelC,CAAA;IACD;;;;;;OAMG;IACH,SAAgB,iBAAiB,CAC/B,QAAoB,EACpB,UAAuB;QAEvB,OAAO,WAAW,CAAC,MAAM,CACvB,oBAAC,OAAO,CAAC,oBAAoB,IAC3B,YAAY,EAAE,QAAQ,EACtB,UAAU,EAAE,UAAU,GACtB,CACH,CAAC;IACJ,CAAC;IAVe,8BAAiB,oBAUhC,CAAA;AACH,CAAC,EA1CgB,YAAY,KAAZ,YAAY,QA0C5B;AAED;;GAEG;AACH,IAAU,OAAO,CAkEhB;AAlED,WAAU,OAAO;IACf;;OAEG;IACU,iBAAS,GAA+B,EAAE,CAAC;IAExD;;OAEG;IACU,eAAO,GAA+B;QACjD,eAAe;QACf,cAAc;KACf,CAAC;IAmBF;;;;OAIG;IACH,SAAgB,oBAAoB,CAClC,KAAkC;QAElC,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,cAAc,CAAC;QACtD,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC5C,OAAO,CACL,oBAAC,SAAS,IACR,MAAM,EAAE,KAAK,CAAC,YAAY,CAAC,cAAc,EACzC,aAAa,EAAE,KAAK,CAAC,YAAY,IAEhC,GAAG,EAAE,CAAC,CACL,oBAAC,sBAAsB,IACrB,SAAS,EAAC,EAAE,EACZ,OAAO,EAAE,GAAG,EAAE,CACZ,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,EAE5D,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;;;iCAGG,CAAC,EACtB,KAAK,EACH,KAAK,CAAC,YAAY,CAAC,OAAO;gBACxB,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,eAAe,CAAC;gBAC3B,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,GAE5B,CACH,CACS,CACb,CAAC;IACJ,CAAC;IA7Be,4BAAoB,uBA6BnC,CAAA;AACH,CAAC,EAlES,OAAO,KAAP,OAAO,QAkEhB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jupyterlab/htmlviewer",
-  "version": "4.0.4",
+  "version": "4.0.6",
   "description": "A viewer for HTML documents.",
   "homepage": "https://github.com/jupyterlab/jupyterlab",
   "bugs": {
@@ -33,14 +33,14 @@
     "watch": "tsc -w --listEmittedFiles"
   },
   "dependencies": {
-    "@jupyterlab/apputils": "^4.1.4",
-    "@jupyterlab/coreutils": "^6.0.4",
-    "@jupyterlab/docregistry": "^4.0.4",
-    "@jupyterlab/translation": "^4.0.4",
-    "@jupyterlab/ui-components": "^4.0.4",
-    "@lumino/coreutils": "^2.1.1",
-    "@lumino/signaling": "^2.1.1",
-    "@lumino/widgets": "^2.1.1",
+    "@jupyterlab/apputils": "^4.1.6",
+    "@jupyterlab/coreutils": "^6.0.6",
+    "@jupyterlab/docregistry": "^4.0.6",
+    "@jupyterlab/translation": "^4.0.6",
+    "@jupyterlab/ui-components": "^4.0.6",
+    "@lumino/coreutils": "^2.1.2",
+    "@lumino/signaling": "^2.1.2",
+    "@lumino/widgets": "^2.3.0",
     "react": "^18.2.0"
   },
   "devDependencies": {

package/src/widget.tsx

@@ -33,6 +33,36 @@ const RENDER_TIMEOUT = 1000;
  */
 const CSS_CLASS = 'jp-HTMLViewer';
 
+const UNTRUSTED_LINK_STYLE = (options: { warning: string }) => `<style>
+a[target="_blank"],
+area[target="_blank"],
+form[target="_blank"],
+button[formtarget="_blank"],
+input[formtarget="_blank"][type="image"],
+input[formtarget="_blank"][type="submit"] {
+  cursor: not-allowed !important;
+}
+a[target="_blank"]:hover::after,
+area[target="_blank"]:hover::after,
+form[target="_blank"]:hover::after,
+button[formtarget="_blank"]:hover::after,
+input[formtarget="_blank"][type="image"]:hover::after,
+input[formtarget="_blank"][type="submit"]:hover::after {
+  content: "${options.warning}";
+  box-sizing: border-box;
+  position: fixed;
+  top: 0;
+  left: 0;
+  width: 100%;
+  z-index: 1000;
+  border: 2px solid #e65100;
+  background-color: #ffb74d;
+  color: black;
+  font-family: system-ui, -apple-system, blinkmacsystemfont, 'Segoe UI', helvetica, arial, sans-serif;
+  text-align: center;
+}
+</style>`;
+
 /**
  * A viewer widget for HTML documents.
  *
@@ -88,8 +118,7 @@ export class HTMLViewer
     } else {
       this.content.sandbox = Private.untrusted;
     }
-    // eslint-disable-next-line
-    this.content.url = this.content.url; // Force a refresh.
+    this.update(); // Force a refresh.
     this._trustedChanged.emit(value);
   }
 
@@ -130,7 +159,7 @@ export class HTMLViewer
    */
   private async _renderModel(): Promise<void> {
     let data = this.context.model.toString();
-    data = await this._setBase(data);
+    data = await this._setupDocument(data);
 
     // Set the new iframe url.
     const blob = new Blob([data], { type: 'text/html' });
@@ -153,7 +182,7 @@ export class HTMLViewer
    * Set a <base> element in the HTML string so that the iframe
    * can correctly dereference relative links.
    */
-  private async _setBase(data: string): Promise<string> {
+  private async _setupDocument(data: string): Promise<string> {
     const doc = this._parser.parseFromString(data, 'text/html');
     let base = doc.querySelector('base');
     if (!base) {
@@ -169,6 +198,16 @@ export class HTMLViewer
     // (e.g. CSS and scripts).
     base.href = baseUrl;
     base.target = '_self';
+
+    // Inject dynamic style for links if the document is not trusted
+    if (!this.trusted) {
+      const trans = this.translator.load('jupyterlab');
+      const warning = trans.__('Action disabled as the file is not trusted.');
+      doc.body.insertAdjacentHTML(
+        'beforeend',
+        UNTRUSTED_LINK_STYLE({ warning })
+      );
+    }
     return doc.documentElement.innerHTML;
   }
 
@@ -272,7 +311,10 @@ namespace Private {
   /**
    * Sandbox exceptions for trusted HTML.
    */
-  export const trusted: IFrame.SandboxExceptions[] = ['allow-scripts'];
+  export const trusted: IFrame.SandboxExceptions[] = [
+    'allow-scripts',
+    'allow-popups'
+  ];
 
   /**
    * Namespace for TrustedButton.
@@ -313,7 +355,7 @@ namespace Private {
               (props.htmlDocument.trusted = !props.htmlDocument.trusted)
             }
             tooltip={trans.__(`Whether the HTML file is trusted.
-Trusting the file allows scripts to run in it,
+Trusting the file allows opening pop-ups and running scripts
 which may result in security risks.
 Only enable for files you trust.`)}
             label={