Nbconvert doesn't have the same functionality for reading XML notebook files. It was using the standard libary ElementTree module to parse HTML for a couple of filters, and this was switched to defusedxml to prevent attacks where a (JSON) notebook containing maliciously crafted HTML was sent to something like Nbviewer. I didn't check how easily exploitable this was; it seemed reasonable to assume it could be exploited, and the fix was easy.
You can see the changes to nbconvert here: https://github.com/jupyter/nbconvert/pull/708 On Sat, 16 Feb 2019 at 02:55, Chris Holdgraf <[email protected]> wrote: > Maybe deprecate it for a release cycle and see if anybody complains once > they see the warning? > > (also I am, in general, always in favor of simplifying things in nbconvert > :-) ) > > On Fri, Feb 15, 2019 at 5:56 PM Matthew Seal <[email protected]> wrote: > >> Do you think we should remove the functionality from nbconvert to >> simplify things there too? >> >> On Thu, Feb 14, 2019 at 1:28 PM Samuel Lelièvre < >> [email protected]> wrote: >> >>> Related: the latest version of nbconvert added defusedxml as a >>> dependency. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Project Jupyter" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jupyter/13b9ce48-fb1a-48a7-9fdb-b49dbe7df91f%40googlegroups.com >>> <https://groups.google.com/d/msgid/jupyter/13b9ce48-fb1a-48a7-9fdb-b49dbe7df91f%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Project Jupyter" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jupyter/CAJF6vz4qbJ5%2BY2U8G6SdeUTPcKFxkhW4rnjiQpDT25H2pb4j4Q%40mail.gmail.com >> <https://groups.google.com/d/msgid/jupyter/CAJF6vz4qbJ5%2BY2U8G6SdeUTPcKFxkhW4rnjiQpDT25H2pb4j4Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "Project Jupyter" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jupyter/CAD7kTDHfm6sc0T0rT%2BweLpP7LXb3gGCPGGQ7AOiQHxPp%2BLo-Ag%40mail.gmail.com > <https://groups.google.com/d/msgid/jupyter/CAD7kTDHfm6sc0T0rT%2BweLpP7LXb3gGCPGGQ7AOiQHxPp%2BLo-Ag%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Project Jupyter" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/CAOvn4qi3zc4x5XUoKOAq2nwbNYPc77qrYTJuzeXKoxtzDZ54Fg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
