Project description

jupyterlab-xssguard

This extension is still experimental, not for production use.

A JupyterLab extension that mitigates XSS attacks by sandboxing the HTML output element of code cells.

The extension works by embedding the HTML output of code cells inside a sandboxed iframe, that disallows access to its parent document.

In case of an XSS attack such as CVE-2024-27132, the JavaScript payload will not be able to escape the plugin's sandbox to run arbitrary Python code or access sensitive DOM elements.

No XSSGuard

before

With XSSGuard

after

Requirements

JupyterLab >= 4.0.0

Installation

We recommend installing the extension through JupyterLab's Extension Manager -

install

For a standalone installation, execute:

pip install jupyterlab-xssguard

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

1.0.1

Aug 7, 2024

This version

1.0.0

Aug 7, 2024

0.1.2a0 pre-release

Jul 30, 2024

0.1.1a0 pre-release

Jul 29, 2024

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

jupyterlab_xssguard-1.0.0.tar.gz (315.0 kB view hashes)

Uploaded Aug 7, 2024 Source

Built Distribution

jupyterlab_xssguard-1.0.0-py3-none-any.whl (22.1 kB view hashes)

Uploaded Aug 7, 2024 Python 3

Hashes for jupyterlab_xssguard-1.0.0.tar.gz

Hashes for jupyterlab_xssguard-1.0.0.tar.gz
Algorithm	Hash digest
SHA256	`3cf69abce37594b48dc0e6e50f0227fc2a177c845fd1d0bf728096b3d05b3906`
MD5	`1dca9ce2589a30356ed87ff1939aa2f8`
BLAKE2b-256	`e76c7f7bd3116154aab1204a0ab5a19b6505fddeee9f7f0520f24e67ed17461b`

Hashes for jupyterlab_xssguard-1.0.0-py3-none-any.whl

Hashes for jupyterlab_xssguard-1.0.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`334dd526bf64ef6c0ffc74904af2fb75627fe75ea18c22d4f8b8b7086da1c57f`
MD5	`6df9a6fee2574a2fe6e9002fde305cb3`
BLAKE2b-256	`34a939a29e3fa5bae37bd0a9596ae665fb3397fcb17c56eebdf776475e26dc41`