Project description

jupyterlab-xssguard

A JupyterLab extension that mitigates XSS attacks by sandboxing the HTML output element of code cells.

The extension works by embedding the HTML output of code cells inside a sandboxed iframe, that disallows access to its parent document.

In case of an XSS attack such as CVE-2024-27132, the JavaScript payload will not be able to escape the plugin's sandbox to run arbitrary Python code or access sensitive DOM elements.

No XSSGuard

before

With XSSGuard

after

Requirements

JupyterLab >= 4.0.0

Installation

We recommend installing the extension through JupyterLab's Extension Manager -

install

For a standalone installation, execute:

pip install jupyterlab-xssguard

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

This version

1.0.1

Aug 7, 2024

1.0.0

Aug 7, 2024

0.1.2a0 pre-release

Jul 30, 2024

0.1.1a0 pre-release

Jul 29, 2024

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

jupyterlab_xssguard-1.0.1.tar.gz (315.2 kB view hashes)

Uploaded Aug 7, 2024 Source

Built Distribution

jupyterlab_xssguard-1.0.1-py3-none-any.whl (22.0 kB view hashes)

Uploaded Aug 7, 2024 Python 3

Hashes for jupyterlab_xssguard-1.0.1.tar.gz

Hashes for jupyterlab_xssguard-1.0.1.tar.gz
Algorithm	Hash digest
SHA256	`a06fcb715401f96170bc41992791a3d22f1b792721184402ea92986cc8ddcfb9`
MD5	`938bb5746cbf45099617312d9409b063`
BLAKE2b-256	`7b22bd9c096835eaf28f51e8b3ee5c10afd52d57b351cbc6199bc3b8c5a37a30`

Hashes for jupyterlab_xssguard-1.0.1-py3-none-any.whl

Hashes for jupyterlab_xssguard-1.0.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`cb25ae4b2a3a3376dbf42229a01b136a59eddfa7e87036ceb39d2d4b2ce320e8`
MD5	`6eaf5701497640d7c2b8fa26789e90ce`
BLAKE2b-256	`39060278d8aed6e7aeffb572832b9ab02f800489375645310984ffa4c39f6e90`