I have the following 2 reusability improvement ideas.
I know they may sound utopian, but I think they will be a good addition for the platform.
See the notebook for details:
Hi David, thanks for the feedback!
We canât implement the first one for security reasons: it would allow someone to inject code (through the URL) that runs on your domain. For this reason we think the best approach is to make parameters explicit, as shown here:
As in:
params = new URLSearchParams(new URL(document.baseURI).search)
Your second suggestion is very interesting. Weâve considered a few approaches to parameterizing cells in the past, like import-with but within a notebook. I like the idea of cells-as-functions, though there are some details to work out so itâll require further thought.
For the first one , I was just thinking about simple cell values - string, boolean, number , I think itâll be pretty easy to sanitize. I donât know if this still will pose security issues, I havenât thought about security regarding this matter at all.
For the second one - Yeah, agree , Itâll require more thinking , but I hope this feature(or similar, which allows parameterized cells) will end up implemented in Observable in future
Personally Iâd prefer an stdlib helper over something that can screw up any named cell and gives me no chance for further sanitization.
Since cells are already functions, perhaps a keyword similar to mutable and viewof could be introduced to get a reference to the cellâs outer function?
Unfortunately itâs not enough to just restrict the input types. Imagine you have a notebook thatâs like
enforceAccess = true
And then someone can override that by setting ?enforceAccess=false in the URL. You would lessen the attack surface by restricting what values could be set by URL, but you could still change the behavior of a notebook in unexpected ways. (And, as Fabian points out, if this override happens at the platform layer it doesnât give the author an opportunity to control what happens.)
Yep, exposing the cellâs definition function as functionof foo or something might be possible. The challenge is that youâd have to supply everything that foo references, which is a little brittle and perhaps non-obvious with larger cells; itâd be more robust if you could explicitly tell it which parameters you want to specify and left the others as implicit. Like:
k = 5
x = 8
y = 10 * k * x + 11
Then maybe:
functionof y({x: 42}) // k = 5 is implicit
(Just a sketch; donât get attached to the syntax!)
This functionality is exactly what would be needed for my case: "Recompute with...", or: a way to "climb the ladder of abstraction"
It would be amazing, specifically to map the behavior of an algorithm with a range of values. It would make Observable the best tool for running algorithm simulations!
A couple of API proposals:
y with { x: 42 }
Notebook.call('y', { x: 42 })
The second one would mesh nicely with this other proposal of mine.