Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trust Notebook Content and readonly notebooks #108946

Closed
DonJayamanne opened this issue Oct 19, 2020 · 2 comments
Closed

Trust Notebook Content and readonly notebooks #108946

DonJayamanne opened this issue Oct 19, 2020 · 2 comments
Assignees
@rebornix
Labels
notebook under-discussion Issue is under discussion for relevance, priority, approach verification-needed Verification of issue is requested verified Verification succeeded
Milestone
November 2020

Comments

@DonJayamanne
Copy link
Contributor

Creating an issue to capture what was discussed last week with VS Code:
Python extension would like the following capabilities:

  • Hide output when notebook is not trusted (based on some metadata)
  • Trusting a ntoebook (updating this metadata) should not mark the notebook as dirty
  • Disable saving/editing notebooks when a notebook is not trusted
    • This is required, because of todays implementation of trusted notebooks in python extension)
    • Today if a user attempts to save an untrusted notebook, Python extension would have to handle this and swallow this method call (i.e. noop).

@rebornix /cc
@rebornix rebornix added under-discussion Issue is under discussion for relevance, priority, approach notebook labels Nov 2, 2020
@rebornix rebornix added this to the November 2020 milestone Nov 19, 2020
@rebornix
Copy link
Member

Added a new property NotebookDocumentMetadata#trusted to control if insecure outputs can be rendered (html, javascript, svg, etc). We will only render secure ones if trusted: false. The Jupyter extension can run command vscode.commands.executeCommand('notebook.trust', vscode.window.activeNotebookEditor.document.uri); to turn the notebook to trust mode without making the document dirty.

Note that neither the property or the command is finalized. We can discuss what should the core do and what belongs to the notebook provider once we have better understanding of trusted workspace and trusted code execution.

@egamma egamma mentioned this issue Nov 23, 2020
Closed
65 tasks
@rebornix rebornix added the verification-needed Verification of issue is requested label Dec 1, 2020
@mjbvz mjbvz added the verified Verification succeeded label Dec 4, 2020
@mjbvz
Copy link
Collaborator

mjbvz commented Dec 4, 2020

I opened a few UX issues with the current implementation but looks like python is waiting for trusted workspaces:

microsoft/vscode-jupyter#4088
microsoft/vscode-jupyter#4089

@DonJayamanne DonJayamanne mentioned this issue Dec 4, 2020
Closed
@github-actions github-actions bot locked and limited conversation to collaborators Jan 4, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@rebornix rebornix

Labels
notebook under-discussion Issue is under discussion for relevance, priority, approach verification-needed Verification of issue is requested verified Verification succeeded
Projects
None yet
Milestone
November 2020
Development

No branches or pull requests
3 participants
@rebornix @DonJayamanne @mjbvz