Spaces:

tiahchia
/

learningspaces

Running

App Files Files Community

tiahchia commited on Nov 1, 2025

Commit

1df8851

verified ·

1 Parent(s): a28fac5

Update app.py

Browse files

Files changed (1) hide show

app.py +31 -20

app.py CHANGED Viewed

@@ -14,17 +14,17 @@ def run_python(code):
     output = f.getvalue()
     return f'<pre style="color:#00ff00; font-family: monospace;">{html.escape(output)}</pre>'
-# --- Web runner (Blob URL method) ---
 def run_web(code):
-    # If user includes <html> or <!DOCTYPE>, use it as-is
     if "<html" in code.lower() or "<!doctype" in code.lower():
         html_content = code
     else:
-        # Wrap fragment in a full HTML document
         html_content = f"""
         <!DOCTYPE html>
         <html>
         <head>
         <style>
         body {{
             font-family: monospace;
@@ -32,6 +32,25 @@ def run_web(code):
             color: #00ff00;
             padding: 20px;
         }}
         </style>
         </head>
         <body>
@@ -40,24 +59,16 @@ def run_web(code):
         </html>
         """
-    # --- Blob-based iframe injection ---
-    # This approach lets images, links, and external scripts work properly.
-    escaped = html_content.replace("\\", "\\\\").replace("`", "\\`")
     return f"""
-    <div id='preview-container' style='width:100%;height:100%;'>
-    <script>
-    const htmlContent = `{escaped}`;
-    const blob = new Blob([htmlContent], {{ type: 'text/html' }});
-    const url = URL.createObjectURL(blob);
-    const iframe = document.createElement('iframe');
-    iframe.style.width = '100%';
-    iframe.style.height = '100%';
-    iframe.style.border = 'none';
-    iframe.style.borderRadius = '8px';
-    iframe.src = url;
-    document.currentScript.parentElement.appendChild(iframe);
-    </script>
-    </div>
     """
 # --- JavaScript runner ---

     output = f.getvalue()
     return f'<pre style="color:#00ff00; font-family: monospace;">{html.escape(output)}</pre>'
+# --- Web runner (working sandbox-safe version) ---
 def run_web(code):
+    # Wrap HTML fragment in full document if needed
     if "<html" in code.lower() or "<!doctype" in code.lower():
         html_content = code
     else:
         html_content = f"""
         <!DOCTYPE html>
         <html>
         <head>
+        <meta charset='UTF-8'>
         <style>
         body {{
             font-family: monospace;
             color: #00ff00;
             padding: 20px;
         }}
+        a {{
+            color: #00ffff;
+        }}
+        img {{
+            border-radius: 8px;
+            margin-top: 10px;
+        }}
+        button {{
+            background-color: #00ff00;
+            color: #1e1e1e;
+            border: none;
+            border-radius: 4px;
+            padding: 6px 12px;
+            cursor: pointer;
+            margin-top: 10px;
+        }}
+        button:hover {{
+            background-color: #00cc00;
+        }}
         </style>
         </head>
         <body>
         </html>
         """
+    # Escape quotes for safe embedding
+    safe_html = html_content.replace('"', "&quot;").replace("'", "&apos;")
+    # Allow interactive content inside iframe safely
     return f"""
+    <iframe
+        style="width:100%; height:400px; border:none; border-radius:8px; background:#1e1e1e;"
+        sandbox="allow-scripts allow-same-origin allow-forms allow-popups"
+        srcdoc="{safe_html}">
+    </iframe>
     """
 # --- JavaScript runner ---