A JupyterLab extension to insert code block output into iframe.
Project description
jupyterlab-xssguard
A JupyterLab extension that mitigates XSS attacks by sandboxing the HTML output element of code cells.
The extension works by embedding the HTML output of code cells inside a sandboxed iframe, that disallows access to its parent document.
In case of an XSS attack such as CVE-2024-27132, the JavaScript payload will not be able to escape the plugin's sandbox to run arbitrary Python code or access sensitive DOM elements.
No XSSGuard
With XSSGuard
Requirements
- JupyterLab >= 4.0.0
Installation
We recommend installing the extension through JupyterLab's Extension Manager -
For a standalone installation, execute:
pip install jupyterlab-xssguard
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file jupyterlab_xssguard-1.0.1.tar.gz
.
File metadata
- Download URL: jupyterlab_xssguard-1.0.1.tar.gz
- Upload date:
- Size: 315.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.4
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | a06fcb715401f96170bc41992791a3d22f1b792721184402ea92986cc8ddcfb9 |
|
MD5 | 938bb5746cbf45099617312d9409b063 |
|
BLAKE2b-256 | 7b22bd9c096835eaf28f51e8b3ee5c10afd52d57b351cbc6199bc3b8c5a37a30 |
File details
Details for the file jupyterlab_xssguard-1.0.1-py3-none-any.whl
.
File metadata
- Download URL: jupyterlab_xssguard-1.0.1-py3-none-any.whl
- Upload date:
- Size: 22.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.4
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | cb25ae4b2a3a3376dbf42229a01b136a59eddfa7e87036ceb39d2d4b2ce320e8 |
|
MD5 | 6eaf5701497640d7c2b8fa26789e90ce |
|
BLAKE2b-256 | 39060278d8aed6e7aeffb572832b9ab02f800489375645310984ffa4c39f6e90 |