spicebook

warehack.ing/spicebook

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ryan Malloy	3f3ca58521	Add embeddable notebook viewer for Mims library integration New /embed/[id] route renders notebooks in a read-only, chromeless layout for iframe embedding. Supports light/dark themes via URL param and postMessage from the parent window. - EmbedLayout: minimal HTML shell, no navbar/footer - EmbedViewer: fetches notebook, runs simulations, syncs theme - EmbedCell: read-only markdown + SPICE cell renderer - SpiceEditor: added readOnly prop (EditorState.readOnly + editable.of) - embed-theme.css: light mode CSS variable overrides - Astro middleware: CSP frame-ancestors on /embed/* routes - Backend: env-configurable CORS origins, CSP header middleware Security hardening from review: - postMessage origin validation (ALLOWED_MESSAGE_ORIGINS) - markdown XSS fix: isSafeUrl() blocks javascript: URIs in links - escapeHtml now covers single quotes - Notebook ID validated against /^[a-zA-Z0-9_-]+$/ - Theme param normalized at Astro boundary - classList.remove/add instead of className stomping	2026-02-13 15:46:37 -07:00
Ryan Malloy	5a2c5730c0	Add project README and screenshots Document architecture, features, quick start, file format, API endpoints, configuration, roadmap, and tech stack. Include screenshots of the notebook with AC Bode plot and transient step response.	2026-02-13 02:33:13 -07:00

Author

SHA1

Message

Date

Ryan Malloy

3f3ca58521

Add embeddable notebook viewer for Mims library integration

New /embed/[id] route renders notebooks in a read-only, chromeless
layout for iframe embedding. Supports light/dark themes via URL
param and postMessage from the parent window.

- EmbedLayout: minimal HTML shell, no navbar/footer
- EmbedViewer: fetches notebook, runs simulations, syncs theme
- EmbedCell: read-only markdown + SPICE cell renderer
- SpiceEditor: added readOnly prop (EditorState.readOnly + editable.of)
- embed-theme.css: light mode CSS variable overrides
- Astro middleware: CSP frame-ancestors on /embed/* routes
- Backend: env-configurable CORS origins, CSP header middleware

Security hardening from review:
- postMessage origin validation (ALLOWED_MESSAGE_ORIGINS)
- markdown XSS fix: isSafeUrl() blocks javascript: URIs in links
- escapeHtml now covers single quotes
- Notebook ID validated against /^[a-zA-Z0-9_-]+$/
- Theme param normalized at Astro boundary
- classList.remove/add instead of className stomping

2026-02-13 15:46:37 -07:00

Ryan Malloy

5a2c5730c0

Add project README and screenshots

Document architecture, features, quick start, file format, API
endpoints, configuration, roadmap, and tech stack. Include screenshots
of the notebook with AC Bode plot and transient step response.

2026-02-13 02:33:13 -07:00

2 Commits