#16004: Update notebook to utilize pure javascript JSmol for default live 3-D
-------------------------------------+-------------------------------------
Reporter: gutow | Owner: gutow
Type: enhancement | Status: needs_review
Priority: major | Milestone: sage-6.4
Component: notebook | Resolution:
Keywords: Jmol 3D 3-D | Merged in:
Authors: Jonathan Gutow, | Reviewers: Steven Trogdon, Karl-
Volker Braun | Dieter Crisman, Jonathan Gutow
Report Upstream: Reported | Work issues:
upstream. Developers acknowledge | Commit:
bug. | Stopgaps:
Branch: |
Dependencies: #17020 |
-------------------------------------+-------------------------------------
Comment (by kcrisman):
Here is at least one piece of the problem, in the file
`sagenb/flask_version/worksheet.py`:
{{{
filename = match.group('filename')
filename = secure_filename(filename) # never trust input
}}}
This removes the ? without the rest.
Interestingly, one reason this happens at all is because only Chrome goes
through this URI
{{{
@worksheet_command('jsmol')
def worksheet_jsmol_data(worksheet):
}}}
as far as I can tell. I have no idea why the others don't.
Anyhow, maybe this updated version of the first diff would work.
{{{
#!diff
diff --git a/sagenb/flask_version/worksheet.py
b/sagenb/flask_version/worksheet.py
index 40c3d54..fd0dcf2 100644
--- a/sagenb/flask_version/worksheet.py
+++ b/sagenb/flask_version/worksheet.py
@@ -695,6 +695,7 @@ def worksheet_jsmol_data(worksheet):
return current_app.message(_('Invalid JSmol query: ' +
query))
cell_id = match.group('cell_id')
filename = match.group('filename')
+ filename = filename.rsplit('?',1)[0] # appended query is only for
cache busting
filename = secure_filename(filename) # never trust input
filename = os.path.join(worksheet.cells_directory(), cell_id,
filename)
with open(filename, 'r') as f:
diff --git a/sagenb/notebook/cell.py b/sagenb/notebook/cell.py
index 7c322c9..d0ce526 100755
--- a/sagenb/notebook/cell.py
+++ b/sagenb/notebook/cell.py
@@ -2350,7 +2350,7 @@ class Cell(Cell_generic):
<div id="loadJmol" style="display:none;">{id}</div>
<div id="sage_jmol_size_{id}"
style="display:none;">{size}</div>
<div id="sage_jmol_img_{id}"
style="display:none;">{image_name}.png?{timestamp}</div>
- <div id="sage_jmol_script_{id}"
style="display:none;">{filename}</div>
+ <div id="sage_jmol_script_{id}"
style="display:none;">{filename}?{timestamp}</div>
<div id="sage_jmol_server_url_{id}"
style="display:none;">{callback}</div>
<div id="sage_jmol_status_{id}"
style="display:none;">notActivated</div>
</div>
}}}
Try one or all of these out.
--
Ticket URL: <http://trac.sagemath.org/ticket/16004#comment:126>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/sage-trac.
For more options, visit https://groups.google.com/d/optout.
