[IPython-dev] Some Thoughts on Notebook Security

Carl Smith carl.input at gmail.com
Mon Dec 10 21:26:05 EST 2012

Just read back what I'd posted and needed to add: This would not
prevent XSRF attacks in general. You'd still need to check referrers
and so on. It would only prevent the Notebook being used to circumvent
those protections with XSS.

The main point is that we gain nothing by trying to cripple and
sanitise JavaScript in notebooks. I think??

More information about the IPython-dev mailing list