spicebook

warehack.ing/spicebook

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ryan Malloy	99e47685aa	Add Mims verification confirmation for embed bugfixes All 4 embed bugs verified fixed by Mims library testing: postMessage type sync, waveform theme colors, chart remount, and shared component light-mode overrides. Thread closed.	2026-02-13 18:14:52 -07:00
Ryan Malloy	e8ade01662	Fix embed integration bugs from Mims library testing - postMessage type: 'theme-change' → 'spicebook-theme' to match SimulationEmbed.tsx namespace convention - WaveformViewer: read axis/grid/tick colors from CSS custom properties via getComputedStyle instead of hardcoded dark hex - Theme switch forces WaveformViewer remount via React key so uPlot picks up new CSS variable values - Light-mode CSS overrides for shared components (SchematicViewer toolbar, SimulationLog borders, slate utility classes)	2026-02-13 16:31:32 -07:00
Ryan Malloy	3f3ca58521	Add embeddable notebook viewer for Mims library integration New /embed/[id] route renders notebooks in a read-only, chromeless layout for iframe embedding. Supports light/dark themes via URL param and postMessage from the parent window. - EmbedLayout: minimal HTML shell, no navbar/footer - EmbedViewer: fetches notebook, runs simulations, syncs theme - EmbedCell: read-only markdown + SPICE cell renderer - SpiceEditor: added readOnly prop (EditorState.readOnly + editable.of) - embed-theme.css: light mode CSS variable overrides - Astro middleware: CSP frame-ancestors on /embed/* routes - Backend: env-configurable CORS origins, CSP header middleware Security hardening from review: - postMessage origin validation (ALLOWED_MESSAGE_ORIGINS) - markdown XSS fix: isSafeUrl() blocks javascript: URIs in links - escapeHtml now covers single quotes - Notebook ID validated against /^[a-zA-Z0-9_-]+$/ - Theme param normalized at Astro boundary - classList.remove/add instead of className stomping	2026-02-13 15:46:37 -07:00

Author

SHA1

Message

Date

Ryan Malloy

99e47685aa

Add Mims verification confirmation for embed bugfixes

All 4 embed bugs verified fixed by Mims library testing:
postMessage type sync, waveform theme colors, chart remount,
and shared component light-mode overrides. Thread closed.

2026-02-13 18:14:52 -07:00

Ryan Malloy

e8ade01662

Fix embed integration bugs from Mims library testing

- postMessage type: 'theme-change' → 'spicebook-theme' to match
  SimulationEmbed.tsx namespace convention
- WaveformViewer: read axis/grid/tick colors from CSS custom
  properties via getComputedStyle instead of hardcoded dark hex
- Theme switch forces WaveformViewer remount via React key so
  uPlot picks up new CSS variable values
- Light-mode CSS overrides for shared components (SchematicViewer
  toolbar, SimulationLog borders, slate utility classes)

2026-02-13 16:31:32 -07:00

Ryan Malloy

3f3ca58521

Add embeddable notebook viewer for Mims library integration

New /embed/[id] route renders notebooks in a read-only, chromeless
layout for iframe embedding. Supports light/dark themes via URL
param and postMessage from the parent window.

- EmbedLayout: minimal HTML shell, no navbar/footer
- EmbedViewer: fetches notebook, runs simulations, syncs theme
- EmbedCell: read-only markdown + SPICE cell renderer
- SpiceEditor: added readOnly prop (EditorState.readOnly + editable.of)
- embed-theme.css: light mode CSS variable overrides
- Astro middleware: CSP frame-ancestors on /embed/* routes
- Backend: env-configurable CORS origins, CSP header middleware

Security hardening from review:
- postMessage origin validation (ALLOWED_MESSAGE_ORIGINS)
- markdown XSS fix: isSafeUrl() blocks javascript: URIs in links
- escapeHtml now covers single quotes
- Notebook ID validated against /^[a-zA-Z0-9_-]+$/
- Theme param normalized at Astro boundary
- classList.remove/add instead of className stomping

2026-02-13 15:46:37 -07:00

3 Commits