[IPython-dev] Some Thoughts on Notebook Security

Carl Smith carl.input at gmail.com
Mon Dec 10 21:26:05 EST 2012


Just read back what I'd posted and needed to add: This would not
prevent XSRF attacks in general. You'd still need to check referrers
and so on. It would only prevent the Notebook being used to circumvent
those protections with XSS.

The main point is that we gain nothing by trying to cripple and
sanitise JavaScript in notebooks. I think??


