@jupyterlab/htmlviewer 4.0.4 → 4.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/widget.d.ts +1 -1
- package/lib/widget.js +43 -6
- package/lib/widget.js.map +1 -1
- package/package.json +9 -9
- package/src/widget.tsx +48 -6
package/lib/widget.d.ts
CHANGED
|
@@ -47,7 +47,7 @@ export declare class HTMLViewer extends DocumentWidget<IFrame> implements IDocum
|
|
|
47
47
|
* Set a <base> element in the HTML string so that the iframe
|
|
48
48
|
* can correctly dereference relative links.
|
|
49
49
|
*/
|
|
50
|
-
private
|
|
50
|
+
private _setupDocument;
|
|
51
51
|
protected translator: ITranslator;
|
|
52
52
|
private _renderPending;
|
|
53
53
|
private _parser;
|
package/lib/widget.js
CHANGED
|
@@ -16,6 +16,35 @@ const RENDER_TIMEOUT = 1000;
|
|
|
16
16
|
* The CSS class to add to the HTMLViewer Widget.
|
|
17
17
|
*/
|
|
18
18
|
const CSS_CLASS = 'jp-HTMLViewer';
|
|
19
|
+
const UNTRUSTED_LINK_STYLE = (options) => `<style>
|
|
20
|
+
a[target="_blank"],
|
|
21
|
+
area[target="_blank"],
|
|
22
|
+
form[target="_blank"],
|
|
23
|
+
button[formtarget="_blank"],
|
|
24
|
+
input[formtarget="_blank"][type="image"],
|
|
25
|
+
input[formtarget="_blank"][type="submit"] {
|
|
26
|
+
cursor: not-allowed !important;
|
|
27
|
+
}
|
|
28
|
+
a[target="_blank"]:hover::after,
|
|
29
|
+
area[target="_blank"]:hover::after,
|
|
30
|
+
form[target="_blank"]:hover::after,
|
|
31
|
+
button[formtarget="_blank"]:hover::after,
|
|
32
|
+
input[formtarget="_blank"][type="image"]:hover::after,
|
|
33
|
+
input[formtarget="_blank"][type="submit"]:hover::after {
|
|
34
|
+
content: "${options.warning}";
|
|
35
|
+
box-sizing: border-box;
|
|
36
|
+
position: fixed;
|
|
37
|
+
top: 0;
|
|
38
|
+
left: 0;
|
|
39
|
+
width: 100%;
|
|
40
|
+
z-index: 1000;
|
|
41
|
+
border: 2px solid #e65100;
|
|
42
|
+
background-color: #ffb74d;
|
|
43
|
+
color: black;
|
|
44
|
+
font-family: system-ui, -apple-system, blinkmacsystemfont, 'Segoe UI', helvetica, arial, sans-serif;
|
|
45
|
+
text-align: center;
|
|
46
|
+
}
|
|
47
|
+
</style>`;
|
|
19
48
|
/**
|
|
20
49
|
* A viewer widget for HTML documents.
|
|
21
50
|
*
|
|
@@ -72,8 +101,7 @@ export class HTMLViewer extends DocumentWidget {
|
|
|
72
101
|
else {
|
|
73
102
|
this.content.sandbox = Private.untrusted;
|
|
74
103
|
}
|
|
75
|
-
//
|
|
76
|
-
this.content.url = this.content.url; // Force a refresh.
|
|
104
|
+
this.update(); // Force a refresh.
|
|
77
105
|
this._trustedChanged.emit(value);
|
|
78
106
|
}
|
|
79
107
|
/**
|
|
@@ -111,7 +139,7 @@ export class HTMLViewer extends DocumentWidget {
|
|
|
111
139
|
*/
|
|
112
140
|
async _renderModel() {
|
|
113
141
|
let data = this.context.model.toString();
|
|
114
|
-
data = await this.
|
|
142
|
+
data = await this._setupDocument(data);
|
|
115
143
|
// Set the new iframe url.
|
|
116
144
|
const blob = new Blob([data], { type: 'text/html' });
|
|
117
145
|
const oldUrl = this._objectUrl;
|
|
@@ -132,7 +160,7 @@ export class HTMLViewer extends DocumentWidget {
|
|
|
132
160
|
* Set a <base> element in the HTML string so that the iframe
|
|
133
161
|
* can correctly dereference relative links.
|
|
134
162
|
*/
|
|
135
|
-
async
|
|
163
|
+
async _setupDocument(data) {
|
|
136
164
|
const doc = this._parser.parseFromString(data, 'text/html');
|
|
137
165
|
let base = doc.querySelector('base');
|
|
138
166
|
if (!base) {
|
|
@@ -147,6 +175,12 @@ export class HTMLViewer extends DocumentWidget {
|
|
|
147
175
|
// (e.g. CSS and scripts).
|
|
148
176
|
base.href = baseUrl;
|
|
149
177
|
base.target = '_self';
|
|
178
|
+
// Inject dynamic style for links if the document is not trusted
|
|
179
|
+
if (!this.trusted) {
|
|
180
|
+
const trans = this.translator.load('jupyterlab');
|
|
181
|
+
const warning = trans.__('Action disabled as the file is not trusted.');
|
|
182
|
+
doc.body.insertAdjacentHTML('beforeend', UNTRUSTED_LINK_STYLE({ warning }));
|
|
183
|
+
}
|
|
150
184
|
return doc.documentElement.innerHTML;
|
|
151
185
|
}
|
|
152
186
|
}
|
|
@@ -228,7 +262,10 @@ var Private;
|
|
|
228
262
|
/**
|
|
229
263
|
* Sandbox exceptions for trusted HTML.
|
|
230
264
|
*/
|
|
231
|
-
Private.trusted = [
|
|
265
|
+
Private.trusted = [
|
|
266
|
+
'allow-scripts',
|
|
267
|
+
'allow-popups'
|
|
268
|
+
];
|
|
232
269
|
/**
|
|
233
270
|
* React component for a trusted button.
|
|
234
271
|
*
|
|
@@ -238,7 +275,7 @@ var Private;
|
|
|
238
275
|
const translator = props.translator || nullTranslator;
|
|
239
276
|
const trans = translator.load('jupyterlab');
|
|
240
277
|
return (React.createElement(UseSignal, { signal: props.htmlDocument.trustedChanged, initialSender: props.htmlDocument }, () => (React.createElement(ToolbarButtonComponent, { className: "", onClick: () => (props.htmlDocument.trusted = !props.htmlDocument.trusted), tooltip: trans.__(`Whether the HTML file is trusted.
|
|
241
|
-
Trusting the file allows
|
|
278
|
+
Trusting the file allows opening pop-ups and running scripts
|
|
242
279
|
which may result in security risks.
|
|
243
280
|
Only enable for files you trust.`), label: props.htmlDocument.trusted
|
|
244
281
|
? trans.__('Distrust HTML')
|
package/lib/widget.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"widget.js","sourceRoot":"","sources":["../src/widget.tsx"],"names":[],"mappings":"AAAA;;;+EAG+E;AAE/E,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,gBAAgB,EAEhB,cAAc,EAEf,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAe,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EACL,MAAM,EACN,WAAW,EACX,WAAW,EACX,aAAa,EACb,sBAAsB,EACtB,SAAS,EACV,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAW,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B;;GAEG;AACH,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B;;GAEG;AACH,MAAM,SAAS,GAAG,eAAe,CAAC;AAElC;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,UACX,SAAQ,cAAsB;IAG9B;;OAEG;IACH,YAAY,OAA+C;QACzD,KAAK,CAAC;YACJ,GAAG,OAAO;YACV,OAAO,EAAE,IAAI,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,EAAE,CAAC;SACxD,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"widget.js","sourceRoot":"","sources":["../src/widget.tsx"],"names":[],"mappings":"AAAA;;;+EAG+E;AAE/E,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,gBAAgB,EAEhB,cAAc,EAEf,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAe,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EACL,MAAM,EACN,WAAW,EACX,WAAW,EACX,aAAa,EACb,sBAAsB,EACtB,SAAS,EACV,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAW,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAEpD,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B;;GAEG;AACH,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B;;GAEG;AACH,MAAM,SAAS,GAAG,eAAe,CAAC;AAElC,MAAM,oBAAoB,GAAG,CAAC,OAA4B,EAAE,EAAE,CAAC;;;;;;;;;;;;;;;cAejD,OAAO,CAAC,OAAO;;;;;;;;;;;;;SAapB,CAAC;AAEV;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,UACX,SAAQ,cAAsB;IAG9B;;OAEG;IACH,YAAY,OAA+C;QACzD,KAAK,CAAC;YACJ,GAAG,OAAO;YACV,OAAO,EAAE,IAAI,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,EAAE,CAAC;SACxD,CAAC,CAAC;QA6HG,mBAAc,GAAG,KAAK,CAAC;QACvB,YAAO,GAAG,IAAI,SAAS,EAAE,CAAC;QAC1B,aAAQ,GACd,IAAI,CAAC;QACC,eAAU,GAAW,EAAE,CAAC;QACxB,oBAAe,GAAG,IAAI,MAAM,CAAgB,IAAI,CAAC,CAAC;QAjIxD,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,cAAc,CAAC;QACvD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAEjC,KAAK,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;YAChC,IAAI,CAAC,MAAM,EAAE,CAAC;YACd,6CAA6C;YAC7C,IAAI,CAAC,QAAQ,GAAG,IAAI,eAAe,CAAC;gBAClC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc;gBACzC,OAAO,EAAE,cAAc;aACxB,CAAC,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,OAAO,CAAC,KAAc;QACxB,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,EAAE;YAC1B,OAAO;SACR;QACD,IAAI,KAAK,EAAE;YACT,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;SACxC;aAAM;YACL,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC;SAC1C;QACD,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,mBAAmB;QAClC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,UAAU,EAAE;YACnB,IAAI;gBACF,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;aACtC;YAAC,OAAO,KAAK,EAAE;gBACd,WAAW;aACZ;SACF;QACD,KAAK,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC;IAED;;OAEG;IACO,eAAe;QACvB,IAAI,IAAI,CAAC,cAAc,EAAE;YACvB,OAAO;SACR;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC3B,KAAK,IAAI,CAAC,YAAY,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY;QACxB,IAAI,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACzC,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAEvC,0BAA0B;QAC1B,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC;QAEnC,gDAAgD;QAChD,IAAI,MAAM,EAAE;YACV,IAAI;gBACF,GAAG,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;aAC7B;YAAC,OAAO,KAAK,EAAE;gBACd,WAAW;aACZ;SACF;QACD,OAAO;IACT,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,cAAc,CAAC,IAAY;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAC5D,IAAI,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI,EAAE;YACT,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YACjC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SAClD;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAEpE,0DAA0D;QAC1D,yDAAyD;QACzD,8DAA8D;QAC9D,0BAA0B;QAC1B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC;QACpB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC;QAEtB,gEAAgE;QAChE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YACjB,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACjD,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC,6CAA6C,CAAC,CAAC;YACxE,GAAG,CAAC,IAAI,CAAC,kBAAkB,CACzB,WAAW,EACX,oBAAoB,CAAC,EAAE,OAAO,EAAE,CAAC,CAClC,CAAC;SACH;QACD,OAAO,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC;IACvC,CAAC;CASF;AAED;;GAEG;AACH,MAAM,OAAO,iBAAkB,SAAQ,gBAA4B;IACjE;;OAEG;IACO,eAAe,CAAC,OAAiC;QACzD,OAAO,IAAI,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACO,qBAAqB,CAC7B,MAAkB;QAElB,OAAO;YACL,yCAAyC;YACzC;gBACE,IAAI,EAAE,SAAS;gBACf,MAAM,EAAE,YAAY,CAAC,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC;aAClE;YACD,uCAAuC;YACvC;gBACE,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,YAAY,CAAC,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC;aAChE;SACF,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,KAAW,YAAY,CA0C5B;AA1CD,WAAiB,YAAY;IAC3B;;;;;;OAMG;IACH,SAAgB,mBAAmB,CACjC,MAAkB,EAClB,UAAwB;QAExB,MAAM,KAAK,GAAG,CAAC,UAAU,aAAV,UAAU,cAAV,UAAU,GAAI,cAAc,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAChE,OAAO,IAAI,aAAa,CAAC;YACvB,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,KAAK,IAAI,EAAE;gBAClB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;oBAC/B,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBAC9B,MAAM,CAAC,MAAM,EAAE,CAAC;iBACjB;YACH,CAAC;YACD,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC,wBAAwB,CAAC;SAC5C,CAAC,CAAC;IACL,CAAC;IAfe,gCAAmB,sBAelC,CAAA;IACD;;;;;;OAMG;IACH,SAAgB,iBAAiB,CAC/B,QAAoB,EACpB,UAAuB;QAEvB,OAAO,WAAW,CAAC,MAAM,CACvB,oBAAC,OAAO,CAAC,oBAAoB,IAC3B,YAAY,EAAE,QAAQ,EACtB,UAAU,EAAE,UAAU,GACtB,CACH,CAAC;IACJ,CAAC;IAVe,8BAAiB,oBAUhC,CAAA;AACH,CAAC,EA1CgB,YAAY,KAAZ,YAAY,QA0C5B;AAED;;GAEG;AACH,IAAU,OAAO,CAkEhB;AAlED,WAAU,OAAO;IACf;;OAEG;IACU,iBAAS,GAA+B,EAAE,CAAC;IAExD;;OAEG;IACU,eAAO,GAA+B;QACjD,eAAe;QACf,cAAc;KACf,CAAC;IAmBF;;;;OAIG;IACH,SAAgB,oBAAoB,CAClC,KAAkC;QAElC,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,cAAc,CAAC;QACtD,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC5C,OAAO,CACL,oBAAC,SAAS,IACR,MAAM,EAAE,KAAK,CAAC,YAAY,CAAC,cAAc,EACzC,aAAa,EAAE,KAAK,CAAC,YAAY,IAEhC,GAAG,EAAE,CAAC,CACL,oBAAC,sBAAsB,IACrB,SAAS,EAAC,EAAE,EACZ,OAAO,EAAE,GAAG,EAAE,CACZ,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,EAE5D,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;;;iCAGG,CAAC,EACtB,KAAK,EACH,KAAK,CAAC,YAAY,CAAC,OAAO;gBACxB,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,eAAe,CAAC;gBAC3B,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,GAE5B,CACH,CACS,CACb,CAAC;IACJ,CAAC;IA7Be,4BAAoB,uBA6BnC,CAAA;AACH,CAAC,EAlES,OAAO,KAAP,OAAO,QAkEhB"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@jupyterlab/htmlviewer",
|
|
3
|
-
"version": "4.0.
|
|
3
|
+
"version": "4.0.6",
|
|
4
4
|
"description": "A viewer for HTML documents.",
|
|
5
5
|
"homepage": "https://github.com/jupyterlab/jupyterlab",
|
|
6
6
|
"bugs": {
|
|
@@ -33,14 +33,14 @@
|
|
|
33
33
|
"watch": "tsc -w --listEmittedFiles"
|
|
34
34
|
},
|
|
35
35
|
"dependencies": {
|
|
36
|
-
"@jupyterlab/apputils": "^4.1.
|
|
37
|
-
"@jupyterlab/coreutils": "^6.0.
|
|
38
|
-
"@jupyterlab/docregistry": "^4.0.
|
|
39
|
-
"@jupyterlab/translation": "^4.0.
|
|
40
|
-
"@jupyterlab/ui-components": "^4.0.
|
|
41
|
-
"@lumino/coreutils": "^2.1.
|
|
42
|
-
"@lumino/signaling": "^2.1.
|
|
43
|
-
"@lumino/widgets": "^2.
|
|
36
|
+
"@jupyterlab/apputils": "^4.1.6",
|
|
37
|
+
"@jupyterlab/coreutils": "^6.0.6",
|
|
38
|
+
"@jupyterlab/docregistry": "^4.0.6",
|
|
39
|
+
"@jupyterlab/translation": "^4.0.6",
|
|
40
|
+
"@jupyterlab/ui-components": "^4.0.6",
|
|
41
|
+
"@lumino/coreutils": "^2.1.2",
|
|
42
|
+
"@lumino/signaling": "^2.1.2",
|
|
43
|
+
"@lumino/widgets": "^2.3.0",
|
|
44
44
|
"react": "^18.2.0"
|
|
45
45
|
},
|
|
46
46
|
"devDependencies": {
|
package/src/widget.tsx
CHANGED
|
@@ -33,6 +33,36 @@ const RENDER_TIMEOUT = 1000;
|
|
|
33
33
|
*/
|
|
34
34
|
const CSS_CLASS = 'jp-HTMLViewer';
|
|
35
35
|
|
|
36
|
+
const UNTRUSTED_LINK_STYLE = (options: { warning: string }) => `<style>
|
|
37
|
+
a[target="_blank"],
|
|
38
|
+
area[target="_blank"],
|
|
39
|
+
form[target="_blank"],
|
|
40
|
+
button[formtarget="_blank"],
|
|
41
|
+
input[formtarget="_blank"][type="image"],
|
|
42
|
+
input[formtarget="_blank"][type="submit"] {
|
|
43
|
+
cursor: not-allowed !important;
|
|
44
|
+
}
|
|
45
|
+
a[target="_blank"]:hover::after,
|
|
46
|
+
area[target="_blank"]:hover::after,
|
|
47
|
+
form[target="_blank"]:hover::after,
|
|
48
|
+
button[formtarget="_blank"]:hover::after,
|
|
49
|
+
input[formtarget="_blank"][type="image"]:hover::after,
|
|
50
|
+
input[formtarget="_blank"][type="submit"]:hover::after {
|
|
51
|
+
content: "${options.warning}";
|
|
52
|
+
box-sizing: border-box;
|
|
53
|
+
position: fixed;
|
|
54
|
+
top: 0;
|
|
55
|
+
left: 0;
|
|
56
|
+
width: 100%;
|
|
57
|
+
z-index: 1000;
|
|
58
|
+
border: 2px solid #e65100;
|
|
59
|
+
background-color: #ffb74d;
|
|
60
|
+
color: black;
|
|
61
|
+
font-family: system-ui, -apple-system, blinkmacsystemfont, 'Segoe UI', helvetica, arial, sans-serif;
|
|
62
|
+
text-align: center;
|
|
63
|
+
}
|
|
64
|
+
</style>`;
|
|
65
|
+
|
|
36
66
|
/**
|
|
37
67
|
* A viewer widget for HTML documents.
|
|
38
68
|
*
|
|
@@ -88,8 +118,7 @@ export class HTMLViewer
|
|
|
88
118
|
} else {
|
|
89
119
|
this.content.sandbox = Private.untrusted;
|
|
90
120
|
}
|
|
91
|
-
//
|
|
92
|
-
this.content.url = this.content.url; // Force a refresh.
|
|
121
|
+
this.update(); // Force a refresh.
|
|
93
122
|
this._trustedChanged.emit(value);
|
|
94
123
|
}
|
|
95
124
|
|
|
@@ -130,7 +159,7 @@ export class HTMLViewer
|
|
|
130
159
|
*/
|
|
131
160
|
private async _renderModel(): Promise<void> {
|
|
132
161
|
let data = this.context.model.toString();
|
|
133
|
-
data = await this.
|
|
162
|
+
data = await this._setupDocument(data);
|
|
134
163
|
|
|
135
164
|
// Set the new iframe url.
|
|
136
165
|
const blob = new Blob([data], { type: 'text/html' });
|
|
@@ -153,7 +182,7 @@ export class HTMLViewer
|
|
|
153
182
|
* Set a <base> element in the HTML string so that the iframe
|
|
154
183
|
* can correctly dereference relative links.
|
|
155
184
|
*/
|
|
156
|
-
private async
|
|
185
|
+
private async _setupDocument(data: string): Promise<string> {
|
|
157
186
|
const doc = this._parser.parseFromString(data, 'text/html');
|
|
158
187
|
let base = doc.querySelector('base');
|
|
159
188
|
if (!base) {
|
|
@@ -169,6 +198,16 @@ export class HTMLViewer
|
|
|
169
198
|
// (e.g. CSS and scripts).
|
|
170
199
|
base.href = baseUrl;
|
|
171
200
|
base.target = '_self';
|
|
201
|
+
|
|
202
|
+
// Inject dynamic style for links if the document is not trusted
|
|
203
|
+
if (!this.trusted) {
|
|
204
|
+
const trans = this.translator.load('jupyterlab');
|
|
205
|
+
const warning = trans.__('Action disabled as the file is not trusted.');
|
|
206
|
+
doc.body.insertAdjacentHTML(
|
|
207
|
+
'beforeend',
|
|
208
|
+
UNTRUSTED_LINK_STYLE({ warning })
|
|
209
|
+
);
|
|
210
|
+
}
|
|
172
211
|
return doc.documentElement.innerHTML;
|
|
173
212
|
}
|
|
174
213
|
|
|
@@ -272,7 +311,10 @@ namespace Private {
|
|
|
272
311
|
/**
|
|
273
312
|
* Sandbox exceptions for trusted HTML.
|
|
274
313
|
*/
|
|
275
|
-
export const trusted: IFrame.SandboxExceptions[] = [
|
|
314
|
+
export const trusted: IFrame.SandboxExceptions[] = [
|
|
315
|
+
'allow-scripts',
|
|
316
|
+
'allow-popups'
|
|
317
|
+
];
|
|
276
318
|
|
|
277
319
|
/**
|
|
278
320
|
* Namespace for TrustedButton.
|
|
@@ -313,7 +355,7 @@ namespace Private {
|
|
|
313
355
|
(props.htmlDocument.trusted = !props.htmlDocument.trusted)
|
|
314
356
|
}
|
|
315
357
|
tooltip={trans.__(`Whether the HTML file is trusted.
|
|
316
|
-
Trusting the file allows
|
|
358
|
+
Trusting the file allows opening pop-ups and running scripts
|
|
317
359
|
which may result in security risks.
|
|
318
360
|
Only enable for files you trust.`)}
|
|
319
361
|
label={
|