@marimo-team/islands 0.23.2-dev39 → 0.23.2-dev40

package/dist/{process-output-CM8yijAP.js → process-output-BWEipdFR.js}

@@ -33,7 +33,7 @@ import { a as parser, i as pythonLanguage, n as localCompletionSource, r as pyth
 import { n as stexMath } from "./stex-Ze8D4R_5.js";
 import { t as purify } from "./purify.es-ukiMXY-F.js";
 import { t as useAsyncData } from "./useAsyncData-B1v_9k4L.js";
-let createActions$1, isUninstantiated, MarimoIncomingMessageEvent, Trash2, PathBuilder, DotFilledIcon, Database, variablesAtom, contextToXml, Anchor2, getValidName, AccordionContent, Root2$2, customPythonLanguageSupport, Accordion, Item, Checkbox, BorderAllIcon, Layers, generateUUID, base64ToDataView, esm_default, require_client, PinRightIcon, CircleX, PluralWords, ChatBubbleIcon, Info, useChromeActions, extractBase64FromDataURL, getTableType, base64ToUint8Array, import_lib$1, allTablesAtom, CheckIcon, File, repl, MarimoValueReadyEvent, PaintRoller, moveToEndOfEditor, MarimoValueUpdateEvent, NotebookPen, goToCellLine, AccordionItem, Trigger2, MarkdownLanguageAdapter, createInputEvent, LoaderCircle, DeferredRequestRegistry, cellErrorsAtom, useRequestClient, ChevronDownIcon, FileText, adaptForLocalStorage, Sections, selectAtom, displayCellName, AIContextRegistry, Content2$1, normalizeName, deserializeBlob, CircleAlert, DATA_TYPE_ICON, PinLeftIcon, Columns2, PluralWord, base64ToDataURL, Braces, getDataTypeColor, safeExtractSetUIElementMessageBuffers, getRequestClient, isDataURLString, convertStatsName, renderHTML, requestClientAtom, useExpandedConsoleOutput, jsonParseWithSpecialChar, isErrorMime, toPng$1, ZodLocalStorage, reducer$1, getDatasourceContext, atomWithReducer, DATA_CELL_ID, useCellFocusActions, parseDataset, useCellNames, Spinner, HTMLCellId, getInitialAppMode, singleFacet, getCellEditorView, Popover, SCRATCH_CELL_ID, initialModeAtom, isOutputEmpty, RANDOM_ID_ATTR, outputIsStale, PopoverTrigger, OBJECT_ID_ATTR, outputIsLoading, PythonIcon, NotebookScopedLocalStorage, numColumnsAtom, MarimoValueInputEvent, Table2, Paths, AccordionTrigger, Wrench, createVariableInfoElement, useLastFocusedCellId, parseInitialValue, createCell, PopoverContent, findCellId, viewStateAtom, blobToString, extractAllTracebackInfo, notebookAtom, MarkdownRenderer, filenameAtom, useCellActions, PopoverClose, UIElementId, kioskModeAtom, dataViewToBase64, dataSourceConnectionsAtom, filesToBase64, getTracebackInfo, notebookOutline, LazyAnyLanguageCodeMirror, parseAttrValue, useCellIds, processOutput, elementContainsMarimoCellFile, getCellNames, maybeAddAltairImport, CellOutputId, AnsiUp, useExpandedOutput, jsonToMarkdown, headingToIdentifier, AIContextProvider, Close$1, isInternalCellName, Boosts, atomWithStorage, getCellDomProps, DatasourceContextProvider, jsonToTSV, sanitizeHtml, ChevronRightIcon, Eye, jotaiJsonStorage;
+let cellErrorsAtom, useRequestClient, MarimoIncomingMessageEvent, Wrench, createVariableInfoElement, DotFilledIcon, Eye, jotaiJsonStorage, contextToXml, selectAtom, displayCellName, AccordionContent, Item, Checkbox, Accordion, Content2$1, normalizeName, BorderAllIcon, LoaderCircle, DeferredRequestRegistry, base64ToDataView, Braces, getDataTypeColor, PinRightIcon, Columns2, PluralWord, ChatBubbleIcon, Layers, generateUUID, extractBase64FromDataURL, dataSourceConnectionsAtom, base64ToUint8Array, esm_default, require_client, CheckIcon, Info, useChromeActions, MarimoValueReadyEvent, Table2, Paths, MarimoValueUpdateEvent, PaintRoller, moveToEndOfEditor, AccordionItem, Root2$2, customPythonLanguageSupport, createInputEvent, NotebookPen, goToCellLine, hasRunAnyCellAtom, requestClientAtom, ChevronDownIcon, File, repl, Sections, atomWithStorage, getCellDomProps, AIContextRegistry, Close$1, isInternalCellName, deserializeBlob, CircleX, PluralWords, PinLeftIcon, Database, variablesAtom, base64ToDataURL, CircleAlert, DATA_TYPE_ICON, safeExtractSetUIElementMessageBuffers, convertStatsName, isDataURLString, getTableType, renderHTML, getRequestClient, useExpandedConsoleOutput, RANDOM_ID_ATTR, outputIsStale, toPng$1, NotebookScopedLocalStorage, numColumnsAtom, getDatasourceContext, jsonToTSV, sanitizeHtml, useCellFocusActions, parseAttrValue, useCellIds, Spinner, CellOutputId, AnsiUp, isUninstantiated, createActions$1, Popover, HTMLCellId, getInitialAppMode, isOutputEmpty, OBJECT_ID_ATTR, outputIsLoading, PopoverTrigger, findCellId, viewStateAtom, PythonIcon, getTracebackInfo, notebookOutline, MarimoValueInputEvent, Trash2, PathBuilder, AccordionTrigger, Trigger2, MarkdownLanguageAdapter, useLastFocusedCellId, parseDataset, useCellNames, PopoverContent, UIElementId, kioskModeAtom, blobToString, elementContainsMarimoCellFile, getCellNames, MarkdownRenderer, ZodLocalStorage, reducer$1, PopoverClose, SCRATCH_CELL_ID, initialModeAtom, dataViewToBase64, import_lib$1, allTablesAtom, filesToBase64, extractAllTracebackInfo, notebookAtom, LazyAnyLanguageCodeMirror, filenameAtom, useCellActions, processOutput, singleFacet, getCellEditorView, maybeAddAltairImport, parseInitialValue, createCell, useExpandedOutput, jsonParseWithSpecialChar, isErrorMime, AIContextProvider, Anchor2, getValidName, Boosts, atomWithReducer, DATA_CELL_ID, DatasourceContextProvider, jsonToMarkdown, headingToIdentifier, ChevronRightIcon, FileText, adaptForLocalStorage;
 let __tla = Promise.all([
   (() => {
     try {
@@ -26747,7 +26747,7 @@ ${n.sqlString}
     }), t[4] = r, t[5] = a, t[6] = o, t[7] = s) : s = t[7], s;
   };
   require_compiler_runtime();
-  const hasRunAnyCellAtom = atom(false);
+  hasRunAnyCellAtom = atom(false);
   var sanitizeHtmlAtom = atom((e) => {
     let t = e(hasRunAnyCellAtom), n = e(autoInstantiateAtom);
     if (t || n) return false;
@@ -28424,159 +28424,160 @@ ${t}
   };
 });
 export {
-  createActions$1 as $,
-  isUninstantiated as $t,
+  cellErrorsAtom as $,
+  useRequestClient as $t,
   MarimoIncomingMessageEvent as A,
-  Trash2 as An,
-  PathBuilder as At,
+  Wrench as An,
+  createVariableInfoElement as At,
   DotFilledIcon as B,
-  Database as Bn,
-  variablesAtom as Bt,
+  Eye as Bn,
+  jotaiJsonStorage as Bt,
   contextToXml as C,
-  Anchor2 as Cn,
-  getValidName as Ct,
+  selectAtom as Cn,
+  displayCellName as Ct,
   AccordionContent as D,
-  Root2$2 as Dn,
-  customPythonLanguageSupport as Dt,
+  Item as Dn,
+  Checkbox as Dt,
   Accordion as E,
-  Item as En,
-  Checkbox as Et,
+  Content2$1 as En,
+  normalizeName as Et,
   BorderAllIcon as F,
-  Layers as Fn,
-  generateUUID as Ft,
+  LoaderCircle as Fn,
+  DeferredRequestRegistry as Ft,
   base64ToDataView as G,
-  esm_default as Gn,
-  require_client as Gt,
+  Braces as Gn,
+  getDataTypeColor as Gt,
   PinRightIcon as H,
-  CircleX as Hn,
-  PluralWords as Ht,
+  Columns2 as Hn,
+  PluralWord as Ht,
   ChatBubbleIcon as I,
-  Info as In,
-  useChromeActions as It,
+  Layers as In,
+  generateUUID as It,
   extractBase64FromDataURL as J,
-  getTableType as Jt,
+  dataSourceConnectionsAtom as Jt,
   base64ToUint8Array as K,
-  import_lib$1 as Kn,
-  allTablesAtom as Kt,
+  esm_default as Kn,
+  require_client as Kt,
   CheckIcon as L,
-  File as Ln,
-  repl as Lt,
+  Info as Ln,
+  useChromeActions as Lt,
   MarimoValueReadyEvent as M,
-  PaintRoller as Mn,
-  moveToEndOfEditor as Mt,
+  Table2 as Mn,
+  Paths as Mt,
   MarimoValueUpdateEvent as N,
-  NotebookPen as Nn,
-  goToCellLine as Nt,
+  PaintRoller as Nn,
+  moveToEndOfEditor as Nt,
   AccordionItem as O,
-  Trigger2 as On,
-  MarkdownLanguageAdapter as Ot,
+  Root2$2 as On,
+  customPythonLanguageSupport as Ot,
   createInputEvent as P,
-  LoaderCircle as Pn,
-  DeferredRequestRegistry as Pt,
-  cellErrorsAtom as Q,
-  useRequestClient as Qt,
+  NotebookPen as Pn,
+  goToCellLine as Pt,
+  hasRunAnyCellAtom as Q,
+  requestClientAtom as Qt,
   ChevronDownIcon as R,
-  FileText as Rn,
-  adaptForLocalStorage as Rt,
+  File as Rn,
+  repl as Rt,
   Sections as S,
-  selectAtom as Sn,
-  displayCellName as St,
+  atomWithStorage as Sn,
+  getCellDomProps as St,
   AIContextRegistry as T,
-  Content2$1 as Tn,
-  normalizeName as Tt,
+  Close$1 as Tn,
+  isInternalCellName as Tt,
   deserializeBlob as U,
-  CircleAlert as Un,
-  DATA_TYPE_ICON as Ut,
+  CircleX as Un,
+  PluralWords as Ut,
   PinLeftIcon as V,
-  Columns2 as Vn,
-  PluralWord as Vt,
+  Database as Vn,
+  variablesAtom as Vt,
   base64ToDataURL as W,
-  Braces as Wn,
-  getDataTypeColor as Wt,
+  CircleAlert as Wn,
+  DATA_TYPE_ICON as Wt,
   safeExtractSetUIElementMessageBuffers as X,
-  getRequestClient as Xt,
+  convertStatsName as Xt,
   isDataURLString as Y,
-  convertStatsName as Yt,
+  getTableType as Yt,
   renderHTML as Z,
-  requestClientAtom as Zt,
+  getRequestClient as Zt,
   useExpandedConsoleOutput as _,
   __tla,
-  jsonParseWithSpecialChar as _n,
-  isErrorMime as _t,
+  RANDOM_ID_ATTR as _n,
+  outputIsStale as _t,
   toPng$1 as a,
-  ZodLocalStorage as an,
-  reducer$1 as at,
+  NotebookScopedLocalStorage as an,
+  numColumnsAtom as at,
   getDatasourceContext as b,
-  atomWithReducer as bn,
-  DATA_CELL_ID as bt,
+  jsonToTSV as bn,
+  sanitizeHtml as bt,
   useCellFocusActions as c,
-  parseDataset as cn,
-  useCellNames as ct,
+  parseAttrValue as cn,
+  useCellIds as ct,
   Spinner as d,
-  HTMLCellId as dn,
-  getInitialAppMode as dt,
-  singleFacet as en,
-  getCellEditorView as et,
+  CellOutputId as dn,
+  AnsiUp as dt,
+  isUninstantiated as en,
+  createActions$1 as et,
   Popover as f,
-  SCRATCH_CELL_ID as fn,
-  initialModeAtom as ft,
+  HTMLCellId as fn,
+  getInitialAppMode as ft,
   isOutputEmpty as g,
-  RANDOM_ID_ATTR as gn,
-  outputIsStale as gt,
+  OBJECT_ID_ATTR as gn,
+  outputIsLoading as gt,
   PopoverTrigger as h,
-  OBJECT_ID_ATTR as hn,
-  outputIsLoading as ht,
+  findCellId as hn,
+  viewStateAtom as ht,
   PythonIcon as i,
-  NotebookScopedLocalStorage as in,
-  numColumnsAtom as it,
+  getTracebackInfo as in,
+  notebookOutline as it,
   MarimoValueInputEvent as j,
-  Table2 as jn,
-  Paths as jt,
+  Trash2 as jn,
+  PathBuilder as jt,
   AccordionTrigger as k,
-  Wrench as kn,
-  createVariableInfoElement as kt,
+  Trigger2 as kn,
+  MarkdownLanguageAdapter as kt,
   useLastFocusedCellId as l,
-  parseInitialValue as ln,
-  createCell as lt,
+  parseDataset as ln,
+  useCellNames as lt,
   PopoverContent as m,
-  findCellId as mn,
-  viewStateAtom as mt,
+  UIElementId as mn,
+  kioskModeAtom as mt,
   blobToString as n,
-  extractAllTracebackInfo as nn,
-  notebookAtom as nt,
+  elementContainsMarimoCellFile as nn,
+  getCellNames as nt,
   MarkdownRenderer as o,
-  filenameAtom as on,
-  useCellActions as ot,
+  ZodLocalStorage as on,
+  reducer$1 as ot,
   PopoverClose as p,
-  UIElementId as pn,
-  kioskModeAtom as pt,
+  SCRATCH_CELL_ID as pn,
+  initialModeAtom as pt,
   dataViewToBase64 as q,
-  dataSourceConnectionsAtom as qt,
+  import_lib$1 as qn,
+  allTablesAtom as qt,
   filesToBase64 as r,
-  getTracebackInfo as rn,
-  notebookOutline as rt,
+  extractAllTracebackInfo as rn,
+  notebookAtom as rt,
   LazyAnyLanguageCodeMirror as s,
-  parseAttrValue as sn,
-  useCellIds as st,
+  filenameAtom as sn,
+  useCellActions as st,
   processOutput as t,
-  elementContainsMarimoCellFile as tn,
-  getCellNames as tt,
+  singleFacet as tn,
+  getCellEditorView as tt,
   maybeAddAltairImport as u,
-  CellOutputId as un,
-  AnsiUp as ut,
+  parseInitialValue as un,
+  createCell as ut,
   useExpandedOutput as v,
-  jsonToMarkdown as vn,
-  headingToIdentifier as vt,
+  jsonParseWithSpecialChar as vn,
+  isErrorMime as vt,
   AIContextProvider as w,
-  Close$1 as wn,
-  isInternalCellName as wt,
+  Anchor2 as wn,
+  getValidName as wt,
   Boosts as x,
-  atomWithStorage as xn,
-  getCellDomProps as xt,
+  atomWithReducer as xn,
+  DATA_CELL_ID as xt,
   DatasourceContextProvider as y,
-  jsonToTSV as yn,
-  sanitizeHtml as yt,
+  jsonToMarkdown as yn,
+  headingToIdentifier as yt,
   ChevronRightIcon as z,
-  Eye as zn,
-  jotaiJsonStorage as zt
+  FileText as zn,
+  adaptForLocalStorage as zt
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@marimo-team/islands",
-  "version": "0.23.2-dev39",
+  "version": "0.23.2-dev40",
   "main": "dist/main.js",
   "types": "dist/index.d.ts",
   "type": "module",

package/src/plugins/core/__test__/trusted-url.test.ts

@@ -1,5 +1,7 @@
 /* Copyright 2026 Marimo. All rights reserved. */
-import { describe, expect, it } from "vitest";
+import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import { hasRunAnyCellAtom } from "@/components/editor/cell/useRunCells";
+import { store } from "@/core/state/jotai";
 import { isTrustedVirtualFileUrl } from "../trusted-url";
 
 describe("isTrustedVirtualFileUrl", () => {
@@ -45,4 +47,46 @@ describe("isTrustedVirtualFileUrl", () => {
     expect(isTrustedVirtualFileUrl(42)).toBe(false);
     expect(isTrustedVirtualFileUrl({})).toBe(false);
   });
+
+  describe("data URL exemption", () => {
+    let previousHasRunAnyCell: boolean;
+
+    beforeEach(() => {
+      previousHasRunAnyCell = store.get(hasRunAnyCellAtom);
+      store.set(hasRunAnyCellAtom, true);
+    });
+
+    afterEach(() => {
+      store.set(hasRunAnyCellAtom, previousHasRunAnyCell);
+    });
+
+    it.each([
+      "data:text/javascript;base64,ZXhwb3J0IGRlZmF1bHQge30=",
+      "data:application/javascript;base64,ZXhwb3J0IGRlZmF1bHQge30=",
+      "data:text/css;base64,Ym9keXt9",
+    ])("accepts safe data URL %s after a cell has run", (url) => {
+      expect(isTrustedVirtualFileUrl(url)).toBe(true);
+    });
+
+    it.each([
+      // Non-base64 data URLs are refused
+      "data:text/javascript,alert(1)",
+      "data:text/javascript;charset=utf-8,alert(1)",
+      // HTML / SVG / arbitrary types are refused
+      "data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
+      "data:image/svg+xml;base64,PHN2Zy8+",
+      "data:application/octet-stream;base64,AAA=",
+    ])("still rejects unsafe data URL %s", (url) => {
+      expect(isTrustedVirtualFileUrl(url)).toBe(false);
+    });
+
+    it("rejects data URL when no cell has been run", () => {
+      store.set(hasRunAnyCellAtom, false);
+      expect(
+        isTrustedVirtualFileUrl(
+          "data:text/javascript;base64,ZXhwb3J0IGRlZmF1bHQge30=",
+        ),
+      ).toBe(false);
+    });
+  });
 });

package/src/plugins/core/trusted-url.ts

@@ -1,20 +1,45 @@
 /* Copyright 2026 Marimo. All rights reserved. */
 
+import { hasRunAnyCellAtom } from "@/components/editor/cell/useRunCells";
+import { store } from "@/core/state/jotai";
+
 /**
  * Whether a URL can be trusted to point at a marimo-served virtual file.
  *
  * Plugins that load remote scripts or stylesheets (e.g. MplInteractive, Panel)
  * must call this before turning a plugin-supplied URL into a `<script src>` or
- * `<link href>`. The backend always serializes these URLs as virtual file
+ * `<link href>`. The backend normally serializes these URLs as virtual file
  * paths of the form `./@file/<byte_length>-<filename>` (see
  * `VirtualFile.create_and_register`). Accepting anything else would let a
  * maliciously crafted `<marimo-*>` element embedded in markdown load
  * attacker-controlled JavaScript at same origin, since the HTML sanitizer
  * lets arbitrary marimo custom elements and attributes through.
+ *
+ * Some runtimes (WASM, VS Code) have no backend to serve virtual files, so
+ * `VirtualFile` falls back to inline base64 data URLs (see `virtual_file.py`).
+ * We accept those only once the user has explicitly run a cell in the current
+ * notebook — the same trust signal `sanitize.ts` uses to lift HTML
+ * sanitization. Running a cell requires deliberate user action and already
+ * executes arbitrary Python, so a data URL script loaded afterwards is not a
+ * new attack surface.
  */
 export function isTrustedVirtualFileUrl(url: unknown): url is string {
   if (typeof url !== "string" || url.length === 0) {
     return false;
   }
-  return /^(\.?\/)?@file\/[^?#]+$/.test(url);
+  if (/^(\.?\/)?@file\/[^?#]+$/.test(url)) {
+    return true;
+  }
+  if (isSafeDataUrl(url) && store.get(hasRunAnyCellAtom)) {
+    return true;
+  }
+  return false;
+}
+
+function isSafeDataUrl(url: string): boolean {
+  return (
+    url.startsWith("data:text/javascript;base64,") ||
+    url.startsWith("data:application/javascript;base64,") ||
+    url.startsWith("data:text/css;base64,")
+  );
 }