[IPython-dev] Some Thoughts on Notebook Security
Carl Smith
carl.input at gmail.com
Mon Dec 10 21:26:05 EST 2012
Just read back what I'd posted and needed to add: This would not
prevent XSRF attacks in general. You'd still need to check referrers
and so on. It would only prevent the Notebook being used to circumvent
those protections with XSS.
The main point is that we gain nothing by trying to cripple and
sanitise JavaScript in notebooks. I think??