Skip to main content

A JupyterLab extension to insert code block output into iframe.

Project description

jupyterlab-xssguard

Github Actions Status

A JupyterLab extension that mitigates XSS attacks by sandboxing the HTML output element of code cells.

The extension works by embedding the HTML output of code cells inside a sandboxed iframe, that disallows access to its parent document.

In case of an XSS attack such as CVE-2024-27132, the JavaScript payload will not be able to escape the plugin's sandbox to run arbitrary Python code or access sensitive DOM elements.

No XSSGuard

before

With XSSGuard

after

Requirements

  • JupyterLab >= 4.0.0

Installation

We recommend installing the extension through JupyterLab's Extension Manager -

install

For a standalone installation, execute:

pip install jupyterlab-xssguard

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

jupyterlab_xssguard-1.0.1.tar.gz (315.2 kB view details)

Uploaded Source

Built Distribution

jupyterlab_xssguard-1.0.1-py3-none-any.whl (22.0 kB view details)

Uploaded Python 3

File details

Details for the file jupyterlab_xssguard-1.0.1.tar.gz.

File metadata

  • Download URL: jupyterlab_xssguard-1.0.1.tar.gz
  • Upload date:
  • Size: 315.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.4

File hashes

Hashes for jupyterlab_xssguard-1.0.1.tar.gz
Algorithm Hash digest
SHA256 a06fcb715401f96170bc41992791a3d22f1b792721184402ea92986cc8ddcfb9
MD5 938bb5746cbf45099617312d9409b063
BLAKE2b-256 7b22bd9c096835eaf28f51e8b3ee5c10afd52d57b351cbc6199bc3b8c5a37a30

See more details on using hashes here.

File details

Details for the file jupyterlab_xssguard-1.0.1-py3-none-any.whl.

File metadata

File hashes

Hashes for jupyterlab_xssguard-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 cb25ae4b2a3a3376dbf42229a01b136a59eddfa7e87036ceb39d2d4b2ce320e8
MD5 6eaf5701497640d7c2b8fa26789e90ce
BLAKE2b-256 39060278d8aed6e7aeffb572832b9ab02f800489375645310984ffa4c39f6e90

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page