tiahchia commited on
Commit
1df8851
·
verified ·
1 Parent(s): a28fac5

Update app.py

Browse files
Files changed (1) hide show
  1. app.py +31 -20
app.py CHANGED
@@ -14,17 +14,17 @@ def run_python(code):
14
  output = f.getvalue()
15
  return f'<pre style="color:#00ff00; font-family: monospace;">{html.escape(output)}</pre>'
16
 
17
- # --- Web runner (Blob URL method) ---
18
  def run_web(code):
19
- # If user includes <html> or <!DOCTYPE>, use it as-is
20
  if "<html" in code.lower() or "<!doctype" in code.lower():
21
  html_content = code
22
  else:
23
- # Wrap fragment in a full HTML document
24
  html_content = f"""
25
  <!DOCTYPE html>
26
  <html>
27
  <head>
 
28
  <style>
29
  body {{
30
  font-family: monospace;
@@ -32,6 +32,25 @@ def run_web(code):
32
  color: #00ff00;
33
  padding: 20px;
34
  }}
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
35
  </style>
36
  </head>
37
  <body>
@@ -40,24 +59,16 @@ def run_web(code):
40
  </html>
41
  """
42
 
43
- # --- Blob-based iframe injection ---
44
- # This approach lets images, links, and external scripts work properly.
45
- escaped = html_content.replace("\\", "\\\\").replace("`", "\\`")
 
46
  return f"""
47
- <div id='preview-container' style='width:100%;height:100%;'>
48
- <script>
49
- const htmlContent = `{escaped}`;
50
- const blob = new Blob([htmlContent], {{ type: 'text/html' }});
51
- const url = URL.createObjectURL(blob);
52
- const iframe = document.createElement('iframe');
53
- iframe.style.width = '100%';
54
- iframe.style.height = '100%';
55
- iframe.style.border = 'none';
56
- iframe.style.borderRadius = '8px';
57
- iframe.src = url;
58
- document.currentScript.parentElement.appendChild(iframe);
59
- </script>
60
- </div>
61
  """
62
 
63
  # --- JavaScript runner ---
 
14
  output = f.getvalue()
15
  return f'<pre style="color:#00ff00; font-family: monospace;">{html.escape(output)}</pre>'
16
 
17
+ # --- Web runner (working sandbox-safe version) ---
18
  def run_web(code):
19
+ # Wrap HTML fragment in full document if needed
20
  if "<html" in code.lower() or "<!doctype" in code.lower():
21
  html_content = code
22
  else:
 
23
  html_content = f"""
24
  <!DOCTYPE html>
25
  <html>
26
  <head>
27
+ <meta charset='UTF-8'>
28
  <style>
29
  body {{
30
  font-family: monospace;
 
32
  color: #00ff00;
33
  padding: 20px;
34
  }}
35
+ a {{
36
+ color: #00ffff;
37
+ }}
38
+ img {{
39
+ border-radius: 8px;
40
+ margin-top: 10px;
41
+ }}
42
+ button {{
43
+ background-color: #00ff00;
44
+ color: #1e1e1e;
45
+ border: none;
46
+ border-radius: 4px;
47
+ padding: 6px 12px;
48
+ cursor: pointer;
49
+ margin-top: 10px;
50
+ }}
51
+ button:hover {{
52
+ background-color: #00cc00;
53
+ }}
54
  </style>
55
  </head>
56
  <body>
 
59
  </html>
60
  """
61
 
62
+ # Escape quotes for safe embedding
63
+ safe_html = html_content.replace('"', "&quot;").replace("'", "&apos;")
64
+
65
+ # Allow interactive content inside iframe safely
66
  return f"""
67
+ <iframe
68
+ style="width:100%; height:400px; border:none; border-radius:8px; background:#1e1e1e;"
69
+ sandbox="allow-scripts allow-same-origin allow-forms allow-popups"
70
+ srcdoc="{safe_html}">
71
+ </iframe>
 
 
 
 
 
 
 
 
 
72
  """
73
 
74
  # --- JavaScript runner ---