[IPython-dev] Some Thoughts on Notebook Security

Carl Smith carl.input@gmail....
Mon Dec 10 20:26:05 CST 2012


Just read back what I'd posted and needed to add: This would not
prevent XSRF attacks in general. You'd still need to check referrers
and so on. It would only prevent the Notebook being used to circumvent
those protections with XSS.

The main point is that we gain nothing by trying to cripple and
sanitise JavaScript in notebooks. I think??

