notebook: Regression: CSS styles in markdown not shown in v6.4.6

Describe the bug

A user reported on mailing list that CSS styles do not work for them. They somewhat incorrectly attributed it to a security fix in version 6.4.3. The facts are:

  • version 6.4.4 contained a fix and worked well
  • version 6.4.5 worked well
  • version 6.4.6 regressed and the styles do not work any more in markdown cells

We saw that in JupyterLab too: https://github.com/jupyterlab/jupyterlab/issues/11473. This is not a result of any deliberate action taken by Jupyter maintainers; instead an update to klona broke sanitize-html which broke allowing to pass styles. I described this in https://github.com/jupyterlab/jupyterlab/issues/11473#issuecomment-974695619; the upstream issue is https://github.com/apostrophecms/sanitize-html/issues/510.

It appears that v6.4.6 was released using releaser. This seems to have pulled a newer version of klona. To counteract that I think that we need to update sanitize-html and to do so we need to bump @jupyterlab/apputils to 3.2.x get https://github.com/jupyterlab/jupyterlab/pull/11510; currently we have:

https://github.com/jupyter/notebook/blob/ea5bfc413f830c6809ca496773a6d1861077a6a9/package.json#L22

To Reproduce Steps to reproduce the behavior:

  1. Create markdown cell
  2. Enter <span style="color: red; font-size: 30px">test</span>
  3. Render cell
  4. See that text is not red and not large

Expected behavior A clear and concise description of what you expected to happen.

Screenshots

Seen in 6.4.6:

image

Expected (and seen in 6.4.4 and 6.4.5):

image

Desktop (please complete the following information):

  • OS: Ubuntu
  • Browser Chrome
  • Version 96

Additional context Add any other context about the problem here.

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 16 (15 by maintainers)

Most upvoted comments

I tested v6.4.7 and it fixes the issue locally for me. @gutow please let us know if the new release helps 😃

In any case, I think we can keep this ticket open to see if we can figure out why there is some installation-sequence dependency as reported by @gutow, but this would require some more user feedback to narrow down when it happens so we can triangulate.

v6.4.7 has been released. 🎉

6.4.7 looks like a fix for this regression! An install into a clean pipenv pip install -U jupyter picks notebook==6.4.7 and the style rendering works.

Thank you.

I do not presently have time to try doing an update to a non-working installation to see if it also properly recovers that. I will try to get to that.