@marimo-team/islands 0.22.5-dev4 → 0.22.5-dev7

@@ -33,7 +33,7 @@ import { a as parser, i as pythonLanguage, n as localCompletionSource, r as pyth
33
33
  import { n as stexMath } from "./stex-D887Ylhf.js";
34
34
  import { t as purify } from "./purify.es-hTCfRGdl.js";
35
35
  import { t as useAsyncData } from "./useAsyncData-C9ez7Ilo.js";
36
- let createActions$1, elementContainsMarimoCellFile, MarimoIncomingMessageEvent, PaintRoller, moveToEndOfEditor, DotFilledIcon, CircleX, PluralWords, contextToXml, Content2$1, normalizeName, AccordionContent, Wrench, createVariableInfoElement, Accordion, Trigger2, MarkdownLanguageAdapter, BorderAllIcon, File, repl, base64ToDataView, dataSourceConnectionsAtom, PinRightIcon, Braces, getDataTypeColor, ChatBubbleIcon, FileText, adaptForLocalStorage, extractBase64FromDataURL, getRequestClient, base64ToUint8Array, getTableType, CheckIcon, Eye, jotaiJsonStorage, MarimoValueReadyEvent, LoaderCircle, DeferredRequestRegistry, MarimoValueUpdateEvent, Layers, generateUUID, AccordionItem, Trash2, PathBuilder, createInputEvent, Info, useChromeActions, cellErrorsAtom, singleFacet, ChevronDownIcon, Database, variablesAtom, Sections, Close$1, isInternalCellName, AIContextRegistry, Root2$2, customPythonLanguageSupport, deserializeBlob, esm_default, require_client, PinLeftIcon, CircleAlert, DATA_TYPE_ICON, base64ToDataURL, import_lib$1, allTablesAtom, safeExtractSetUIElementMessageBuffers, useRequestClient, isDataURLString, requestClientAtom, renderHTML, isUninstantiated, useExpandedConsoleOutput, jsonToTSV, headingToIdentifier, toPng$1, parseAttrValue, useCellActions, getDatasourceContext, selectAtom, displayCellName, useCellFocusActions, CellOutputId, createCell, Spinner, UIElementId, initialModeAtom, extractAllTracebackInfo, getCellEditorView, Popover, findCellId, kioskModeAtom, isOutputEmpty, jsonToMarkdown, isErrorMime, PopoverTrigger, jsonParseWithSpecialChar, outputIsStale, PythonIcon, filenameAtom, reducer$1, MarimoValueInputEvent, NotebookPen, goToCellLine, AccordionTrigger, Table2, Paths, useLastFocusedCellId, HTMLCellId, AnsiUp, PopoverContent, RANDOM_ID_ATTR, outputIsLoading, blobToString, NotebookScopedLocalStorage, notebookAtom, MarkdownRenderer, parseDataset, useCellIds, PopoverClose, OBJECT_ID_ATTR, viewStateAtom, dataViewToBase64, convertStatsName, filesToBase64, 
ZodLocalStorage, notebookOutline, LazyAnyLanguageCodeMirror, parseInitialValue, useCellNames, processOutput, getTracebackInfo, getCellNames, maybeAddAltairImport, SCRATCH_CELL_ID, getInitialAppMode, useExpandedOutput, atomWithReducer, DATA_CELL_ID, AIContextProvider, Item, Checkbox, Boosts, Anchor2, getValidName, DatasourceContextProvider, atomWithStorage, getCellDomProps, ChevronRightIcon, Columns2, PluralWord;
36
+ let createActions$1, singleFacet, MarimoIncomingMessageEvent, Table2, Paths, DotFilledIcon, Columns2, PluralWord, contextToXml, Close$1, isInternalCellName, AccordionContent, Trigger2, MarkdownLanguageAdapter, Accordion, Root2$2, customPythonLanguageSupport, BorderAllIcon, Info, useChromeActions, base64ToDataView, import_lib$1, allTablesAtom, PinRightIcon, CircleAlert, DATA_TYPE_ICON, ChatBubbleIcon, File, repl, extractBase64FromDataURL, convertStatsName, base64ToUint8Array, dataSourceConnectionsAtom, CheckIcon, FileText, adaptForLocalStorage, MarimoValueReadyEvent, NotebookPen, goToCellLine, MarimoValueUpdateEvent, LoaderCircle, DeferredRequestRegistry, AccordionItem, Wrench, createVariableInfoElement, createInputEvent, Layers, generateUUID, cellErrorsAtom, isUninstantiated, ChevronDownIcon, Eye, jotaiJsonStorage, Sections, Anchor2, getValidName, AIContextRegistry, Item, Checkbox, deserializeBlob, Braces, getDataTypeColor, PinLeftIcon, CircleX, PluralWords, base64ToDataURL, esm_default, require_client, safeExtractSetUIElementMessageBuffers, requestClientAtom, isDataURLString, getRequestClient, renderHTML, useRequestClient, useExpandedConsoleOutput, jsonToMarkdown, headingToIdentifier, toPng$1, filenameAtom, useCellActions, getDatasourceContext, atomWithStorage, getCellDomProps, useCellFocusActions, parseInitialValue, createCell, Spinner, SCRATCH_CELL_ID, initialModeAtom, elementContainsMarimoCellFile, getCellEditorView, Popover, UIElementId, kioskModeAtom, isOutputEmpty, jsonParseWithSpecialChar, isErrorMime, PopoverTrigger, RANDOM_ID_ATTR, outputIsStale, PythonIcon, ZodLocalStorage, reducer$1, MarimoValueInputEvent, PaintRoller, moveToEndOfEditor, AccordionTrigger, Trash2, PathBuilder, useLastFocusedCellId, CellOutputId, AnsiUp, PopoverContent, OBJECT_ID_ATTR, outputIsLoading, blobToString, getTracebackInfo, notebookAtom, MarkdownRenderer, parseAttrValue, useCellIds, PopoverClose, findCellId, viewStateAtom, dataViewToBase64, getTableType, filesToBase64, 
NotebookScopedLocalStorage, notebookOutline, LazyAnyLanguageCodeMirror, parseDataset, useCellNames, processOutput, extractAllTracebackInfo, getCellNames, maybeAddAltairImport, HTMLCellId, getInitialAppMode, useExpandedOutput, jsonToTSV, sanitizeHtml, AIContextProvider, Content2$1, normalizeName, Boosts, selectAtom, displayCellName, DatasourceContextProvider, atomWithReducer, DATA_CELL_ID, ChevronRightIcon, Database, variablesAtom;
37
37
  let __tla = Promise.all([
38
38
  (() => {
39
39
  try {
@@ -24379,7 +24379,7 @@ ${n.sqlString}
24379
24379
  t.tagName === "A" && t.hasAttribute(e) && (t.setAttribute("target", t.getAttribute(e) || ""), t.removeAttribute(e), t.getAttribute("target") === "_blank" && t.setAttribute("rel", "noopener noreferrer"));
24380
24380
  });
24381
24381
  }
24382
- function sanitizeHtml(e) {
24382
+ sanitizeHtml = function(e) {
24383
24383
  let t = {
24384
24384
  USE_PROFILES: {
24385
24385
  html: true,
@@ -24401,7 +24401,7 @@ ${n.sqlString}
24401
24401
  SAFE_FOR_XML: !e.includes("marimo-mermaid")
24402
24402
  };
24403
24403
  return purify.sanitize(e, t);
24404
- }
24404
+ };
24405
24405
  var excludedTags = [
24406
24406
  "marimo-carousel",
24407
24407
  "marimo-tabs",
@@ -28370,156 +28370,157 @@ ${t}
28370
28370
  });
28371
28371
  export {
28372
28372
  createActions$1 as $,
28373
- elementContainsMarimoCellFile as $t,
28373
+ singleFacet as $t,
28374
28374
  MarimoIncomingMessageEvent as A,
28375
- PaintRoller as An,
28376
- moveToEndOfEditor as At,
28375
+ Table2 as An,
28376
+ Paths as At,
28377
28377
  DotFilledIcon as B,
28378
- CircleX as Bn,
28379
- PluralWords as Bt,
28378
+ Columns2 as Bn,
28379
+ PluralWord as Bt,
28380
28380
  contextToXml as C,
28381
- Content2$1 as Cn,
28382
- normalizeName as Ct,
28381
+ Close$1 as Cn,
28382
+ isInternalCellName as Ct,
28383
28383
  AccordionContent as D,
28384
- Wrench as Dn,
28385
- createVariableInfoElement as Dt,
28384
+ Trigger2 as Dn,
28385
+ MarkdownLanguageAdapter as Dt,
28386
28386
  Accordion as E,
28387
- Trigger2 as En,
28388
- MarkdownLanguageAdapter as Et,
28387
+ Root2$2 as En,
28388
+ customPythonLanguageSupport as Et,
28389
28389
  BorderAllIcon as F,
28390
- File as Fn,
28391
- repl as Ft,
28390
+ Info as Fn,
28391
+ useChromeActions as Ft,
28392
28392
  base64ToDataView as G,
28393
- dataSourceConnectionsAtom as Gt,
28393
+ import_lib$1 as Gn,
28394
+ allTablesAtom as Gt,
28394
28395
  PinRightIcon as H,
28395
- Braces as Hn,
28396
- getDataTypeColor as Ht,
28396
+ CircleAlert as Hn,
28397
+ DATA_TYPE_ICON as Ht,
28397
28398
  ChatBubbleIcon as I,
28398
- FileText as In,
28399
- adaptForLocalStorage as It,
28399
+ File as In,
28400
+ repl as It,
28400
28401
  extractBase64FromDataURL as J,
28401
- getRequestClient as Jt,
28402
+ convertStatsName as Jt,
28402
28403
  base64ToUint8Array as K,
28403
- getTableType as Kt,
28404
+ dataSourceConnectionsAtom as Kt,
28404
28405
  CheckIcon as L,
28405
- Eye as Ln,
28406
- jotaiJsonStorage as Lt,
28406
+ FileText as Ln,
28407
+ adaptForLocalStorage as Lt,
28407
28408
  MarimoValueReadyEvent as M,
28408
- LoaderCircle as Mn,
28409
- DeferredRequestRegistry as Mt,
28409
+ NotebookPen as Mn,
28410
+ goToCellLine as Mt,
28410
28411
  MarimoValueUpdateEvent as N,
28411
- Layers as Nn,
28412
- generateUUID as Nt,
28412
+ LoaderCircle as Nn,
28413
+ DeferredRequestRegistry as Nt,
28413
28414
  AccordionItem as O,
28414
- Trash2 as On,
28415
- PathBuilder as Ot,
28415
+ Wrench as On,
28416
+ createVariableInfoElement as Ot,
28416
28417
  createInputEvent as P,
28417
- Info as Pn,
28418
- useChromeActions as Pt,
28418
+ Layers as Pn,
28419
+ generateUUID as Pt,
28419
28420
  cellErrorsAtom as Q,
28420
- singleFacet as Qt,
28421
+ isUninstantiated as Qt,
28421
28422
  ChevronDownIcon as R,
28422
- Database as Rn,
28423
- variablesAtom as Rt,
28423
+ Eye as Rn,
28424
+ jotaiJsonStorage as Rt,
28424
28425
  Sections as S,
28425
- Close$1 as Sn,
28426
- isInternalCellName as St,
28426
+ Anchor2 as Sn,
28427
+ getValidName as St,
28427
28428
  AIContextRegistry as T,
28428
- Root2$2 as Tn,
28429
- customPythonLanguageSupport as Tt,
28429
+ Item as Tn,
28430
+ Checkbox as Tt,
28430
28431
  deserializeBlob as U,
28431
- esm_default as Un,
28432
- require_client as Ut,
28432
+ Braces as Un,
28433
+ getDataTypeColor as Ut,
28433
28434
  PinLeftIcon as V,
28434
- CircleAlert as Vn,
28435
- DATA_TYPE_ICON as Vt,
28435
+ CircleX as Vn,
28436
+ PluralWords as Vt,
28436
28437
  base64ToDataURL as W,
28437
- import_lib$1 as Wn,
28438
- allTablesAtom as Wt,
28438
+ esm_default as Wn,
28439
+ require_client as Wt,
28439
28440
  safeExtractSetUIElementMessageBuffers as X,
28440
- useRequestClient as Xt,
28441
+ requestClientAtom as Xt,
28441
28442
  isDataURLString as Y,
28442
- requestClientAtom as Yt,
28443
+ getRequestClient as Yt,
28443
28444
  renderHTML as Z,
28444
- isUninstantiated as Zt,
28445
+ useRequestClient as Zt,
28445
28446
  useExpandedConsoleOutput as _,
28446
28447
  __tla,
28447
- jsonToTSV as _n,
28448
+ jsonToMarkdown as _n,
28448
28449
  headingToIdentifier as _t,
28449
28450
  toPng$1 as a,
28450
- parseAttrValue as an,
28451
+ filenameAtom as an,
28451
28452
  useCellActions as at,
28452
28453
  getDatasourceContext as b,
28453
- selectAtom as bn,
28454
- displayCellName as bt,
28454
+ atomWithStorage as bn,
28455
+ getCellDomProps as bt,
28455
28456
  useCellFocusActions as c,
28456
- CellOutputId as cn,
28457
+ parseInitialValue as cn,
28457
28458
  createCell as ct,
28458
28459
  Spinner as d,
28459
- UIElementId as dn,
28460
+ SCRATCH_CELL_ID as dn,
28460
28461
  initialModeAtom as dt,
28461
- extractAllTracebackInfo as en,
28462
+ elementContainsMarimoCellFile as en,
28462
28463
  getCellEditorView as et,
28463
28464
  Popover as f,
28464
- findCellId as fn,
28465
+ UIElementId as fn,
28465
28466
  kioskModeAtom as ft,
28466
28467
  isOutputEmpty as g,
28467
- jsonToMarkdown as gn,
28468
+ jsonParseWithSpecialChar as gn,
28468
28469
  isErrorMime as gt,
28469
28470
  PopoverTrigger as h,
28470
- jsonParseWithSpecialChar as hn,
28471
+ RANDOM_ID_ATTR as hn,
28471
28472
  outputIsStale as ht,
28472
28473
  PythonIcon as i,
28473
- filenameAtom as in,
28474
+ ZodLocalStorage as in,
28474
28475
  reducer$1 as it,
28475
28476
  MarimoValueInputEvent as j,
28476
- NotebookPen as jn,
28477
- goToCellLine as jt,
28477
+ PaintRoller as jn,
28478
+ moveToEndOfEditor as jt,
28478
28479
  AccordionTrigger as k,
28479
- Table2 as kn,
28480
- Paths as kt,
28480
+ Trash2 as kn,
28481
+ PathBuilder as kt,
28481
28482
  useLastFocusedCellId as l,
28482
- HTMLCellId as ln,
28483
+ CellOutputId as ln,
28483
28484
  AnsiUp as lt,
28484
28485
  PopoverContent as m,
28485
- RANDOM_ID_ATTR as mn,
28486
+ OBJECT_ID_ATTR as mn,
28486
28487
  outputIsLoading as mt,
28487
28488
  blobToString as n,
28488
- NotebookScopedLocalStorage as nn,
28489
+ getTracebackInfo as nn,
28489
28490
  notebookAtom as nt,
28490
28491
  MarkdownRenderer as o,
28491
- parseDataset as on,
28492
+ parseAttrValue as on,
28492
28493
  useCellIds as ot,
28493
28494
  PopoverClose as p,
28494
- OBJECT_ID_ATTR as pn,
28495
+ findCellId as pn,
28495
28496
  viewStateAtom as pt,
28496
28497
  dataViewToBase64 as q,
28497
- convertStatsName as qt,
28498
+ getTableType as qt,
28498
28499
  filesToBase64 as r,
28499
- ZodLocalStorage as rn,
28500
+ NotebookScopedLocalStorage as rn,
28500
28501
  notebookOutline as rt,
28501
28502
  LazyAnyLanguageCodeMirror as s,
28502
- parseInitialValue as sn,
28503
+ parseDataset as sn,
28503
28504
  useCellNames as st,
28504
28505
  processOutput as t,
28505
- getTracebackInfo as tn,
28506
+ extractAllTracebackInfo as tn,
28506
28507
  getCellNames as tt,
28507
28508
  maybeAddAltairImport as u,
28508
- SCRATCH_CELL_ID as un,
28509
+ HTMLCellId as un,
28509
28510
  getInitialAppMode as ut,
28510
28511
  useExpandedOutput as v,
28511
- atomWithReducer as vn,
28512
- DATA_CELL_ID as vt,
28512
+ jsonToTSV as vn,
28513
+ sanitizeHtml as vt,
28513
28514
  AIContextProvider as w,
28514
- Item as wn,
28515
- Checkbox as wt,
28515
+ Content2$1 as wn,
28516
+ normalizeName as wt,
28516
28517
  Boosts as x,
28517
- Anchor2 as xn,
28518
- getValidName as xt,
28518
+ selectAtom as xn,
28519
+ displayCellName as xt,
28519
28520
  DatasourceContextProvider as y,
28520
- atomWithStorage as yn,
28521
- getCellDomProps as yt,
28521
+ atomWithReducer as yn,
28522
+ DATA_CELL_ID as yt,
28522
28523
  ChevronRightIcon as z,
28523
- Columns2 as zn,
28524
- PluralWord as zt
28524
+ Database as zn,
28525
+ variablesAtom as zt
28525
28526
  };
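--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@marimo-team/islands",
- "version": "0.22.5-dev4",
+ "version": "0.22.5-dev7",
  "main": "dist/main.js",
  "types": "dist/index.d.ts",
  "type": "module",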
@@ -12,6 +12,8 @@ import {
12
12
  } from "@/components/ui/alert-dialog";
13
13
  import { CopyIcon } from "lucide-react";
14
14
  import { toast } from "@/components/ui/use-toast";
15
+ import { renderHTML } from "@/plugins/core/RenderHTML";
16
+ import { sanitizeHtml } from "@/plugins/core/sanitize-html";
15
17
 
16
18
  interface TracebackModalProps {
17
19
  isOpen: boolean;
@@ -29,7 +31,7 @@ export const TracebackModal: React.FC<TracebackModalProps> = ({
29
31
  const handleCopy = async () => {
30
32
  // Strip HTML tags for clipboard
31
33
  const tempDiv = document.createElement("div");
32
- tempDiv.innerHTML = traceback;
34
+ tempDiv.innerHTML = sanitizeHtml(traceback);
33
35
  const textContent = tempDiv.textContent || tempDiv.innerText || "";
34
36
 
35
37
  try {
@@ -73,10 +75,9 @@ export const TracebackModal: React.FC<TracebackModalProps> = ({
73
75
  Copy
74
76
  </Button>
75
77
  </div>
76
- <div
77
- className="font-code text-sm p-4 bg-muted rounded border overflow-auto max-h-[50vh] cursor-text select-text"
78
- dangerouslySetInnerHTML={{ __html: traceback }}
79
- />
78
+ <div className="font-code text-sm p-4 bg-muted rounded border overflow-auto max-h-[50vh] cursor-text select-text">
79
+ {renderHTML({ html: traceback })}
80
+ </div>
80
81
  </div>
81
82
  <AlertDialogFooter>
82
83
  <AlertDialogAction onClick={onClose}>Close</AlertDialogAction>
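Review bot: The render path at new lines 78-80 now depends entirely on `renderHTML` sanitizing its `html` argument, which none of these hunks show, while `handleCopy` calls `sanitizeHtml` explicitly; that asymmetry should be documented where the traceback is rendered. I would add a JSX comment above the call such as `{/* traceback is untrusted (user code and exception text); renderHTML is expected to sanitize it */}`, and confirm that expectation against `RenderHTML` itself. A regression test that renders a traceback containing markup and asserts that no script element or event-handler attribute reaches the DOM would keep this from reverting to `dangerouslySetInnerHTML`. The `TracebackModal` component body starts and ends outside these hunks.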
@@ -25,6 +25,7 @@ import { useChromeActions } from "../chrome/state";
25
25
  import { AutoFixButton } from "../errors/auto-fix";
26
26
  import { CellLinkError } from "../links/cell-link";
27
27
  import { processTextForUrls } from "./console/text-rendering";
28
+ import { renderHTML } from "@/plugins/core/RenderHTML";
28
29
 
29
30
  const Tip = (props: {
30
31
  title?: string;
@@ -486,13 +487,9 @@ export const MarimoErrorOutput = ({
486
487
  {processTextForUrls(error.msg, `exception-${idx}`)}
487
488
  </p>
488
489
  {"traceback" in error && error.traceback ? (
489
- <div
490
- className="font-code text-sm mt-2 p-3 bg-muted rounded border overflow-auto max-h-[50vh] cursor-text select-text"
491
- // biome-ignore lint/security/noDangerouslySetInnerHtml: traceback from backend
492
- dangerouslySetInnerHTML={{
493
- __html: error.traceback,
494
- }}
495
- />
490
+ <div className="font-code text-sm mt-2 p-3 bg-muted rounded border overflow-auto max-h-[50vh] cursor-text select-text">
491
+ {renderHTML({ html: error.traceback })}
492
+ </div>
496
493
  ) : (
497
494
  <div className="text-muted-foreground mt-2">
498
495
  See the console area for a traceback.
@@ -504,13 +501,9 @@ export const MarimoErrorOutput = ({
504
501
  {processTextForUrls(error.msg, `exception-${idx}`)}
505
502
  <CellLinkError cellId={error.raising_cell} />
506
503
  {"traceback" in error && error.traceback && (
507
- <div
508
- className="font-code text-sm mt-2 p-3 bg-muted rounded border overflow-auto max-h-[50vh] cursor-text select-text"
509
- // biome-ignore lint/security/noDangerouslySetInnerHtml: traceback from backend
510
- dangerouslySetInnerHTML={{
511
- __html: error.traceback,
512
- }}
513
- />
504
+ <div className="font-code text-sm mt-2 p-3 bg-muted rounded border overflow-auto max-h-[50vh] cursor-text select-text">
505
+ {renderHTML({ html: error.traceback })}
506
+ </div>
514
507
  )}
515
508
  </div>
516
509
  )}
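Review bot: The traceback `<div>` with its long `className` and `renderHTML({ html: error.traceback })` child is written out twice in `MarimoErrorOutput` (new lines 490-492 and 504-506), so a later edit could bring back raw HTML in one branch without touching the other. Extracting a small component keeps the sanitized render path in one place, and gives a home for a comment replacing the removed `traceback from backend` lint suppression with the actual trust assumption: traceback text can carry content from user code and must be treated as untrusted. Whether `renderHTML` sanitizes by default is not visible in these hunks and should be confirmed. `MarimoErrorOutput` starts and ends outside the hunks.

```typescript
// Traceback HTML is untrusted (it can echo user code and exception text);
// it must only reach the DOM through renderHTML, never dangerouslySetInnerHTML.
const TracebackHtml = ({ html }: { html: string }) => (
  <div className="font-code text-sm mt-2 p-3 bg-muted rounded border overflow-auto max-h-[50vh] cursor-text select-text">
    {renderHTML({ html })}
  </div>
);

// … unchanged: error message rendering …
{"traceback" in error && error.traceback && (
  <TracebackHtml html={error.traceback} />
)}
```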
@@ -34,6 +34,7 @@ import { getRequestClient } from "@/core/network/requests";
34
34
  import { isStaticNotebook } from "@/core/static/static-state";
35
35
  import { isWasm } from "@/core/wasm/utils";
36
36
  import { renderHTML } from "@/plugins/core/RenderHTML";
37
+ import { sanitizeHtml } from "@/plugins/core/sanitize-html";
37
38
  import { copyToClipboard } from "@/utils/copy";
38
39
  import {
39
40
  elementContainsMarimoCellFile,
@@ -173,9 +174,9 @@ export const MarimoTracebackOutput = ({
173
174
  </DropdownMenuItem>
174
175
  <DropdownMenuItem
175
176
  onClick={() => {
176
- // Strip HTML from the traceback
177
+ // Strip HTML from the traceback (sanitize first to prevent XSS)
177
178
  const div = document.createElement("div");
178
- div.innerHTML = traceback;
179
+ div.innerHTML = sanitizeHtml(traceback);
179
180
  const textContent = div.textContent || "";
180
181
  copyToClipboard(textContent);
181
182
  }}
@@ -193,7 +194,7 @@ export const MarimoTracebackOutput = ({
193
194
 
194
195
  function lastLine(text: string): string {
195
196
  const el = document.createElement("div");
196
- el.innerHTML = text;
197
+ el.innerHTML = sanitizeHtml(text);
197
198
  const lines = el.textContent?.split("\n").filter(Boolean);
198
199
  return lines?.at(-1) || "";
199
200
  }
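Review bot: The sanitize-then-`innerHTML` text extraction appears twice in this file (the dropdown `onClick` at new line 179 and `lastLine` at new line 197) and a third time in the modal's `handleCopy`, so the `sanitizeHtml` call is easy to omit in the next copy. A single helper that parses into a `DOMParser` document, which as far as I know is inert (no resource loads, no handlers), would make text extraction safe even if the sanitizer configuration changes. That matters because the bundled `sanitizeHtml` shown earlier on this page sets `SAFE_FOR_XML: !e.includes("marimo-mermaid")`, meaning the input string itself influences the profile; please confirm that is acceptable for traceback text. `lastLine` is fully inside its hunk, but the `onClick` handler's enclosing component is not.

```typescript
/** Convert an HTML fragment to plain text without attaching it to the live document. */
function htmlToText(html: string): string {
  const doc = new DOMParser().parseFromString(sanitizeHtml(html), "text/html");
  return doc.body.textContent || "";
}

function lastLine(text: string): string {
  const lines = htmlToText(text).split("\n").filter(Boolean);
  return lines.at(-1) || "";
}
```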