##// END OF EJS Templates
upstream » ipython
RSS

Clone from https://github.com/ipython/ipython.git

Fix XSS reported on Security list...
Fix XSS reported on Security list No CVE-ID yet August 18, 2015 ----- Reported to Quantopian by Juan Broullón <thebrowfc@gmail.com>... If you create a new folder in the iPython file browser and set Javascript code as its name the code injected will be executed. So, if I create a folder called "><img src=x onerror=alert(document.cookie)> and then I access to it, the cookies will be prompted. The XSS code is also executed if you access a link pointing directly at the folder. jik ------
Paul Ivanov - - Load All Authors

File last commit:

r12222:1ec6f582
r21633:3ab41641
Show More
base.py
56 lines | 1.7 KiB | text/x-python | PythonLexer
/ IPython / nbconvert / writers / base.py
History | Source | Raw |Copy content |Copy permalink
Jonathan Frederic
Added writer classes
 r11369 """
Contains writer base class.
"""
#-----------------------------------------------------------------------------
#Copyright (c) 2013, the IPython Development Team.
#
#Distributed under the terms of the Modified BSD License.
#
#The full license is in the file COPYING.txt, distributed with this software.
#-----------------------------------------------------------------------------
#-----------------------------------------------------------------------------
# Imports
#-----------------------------------------------------------------------------
from IPython.utils.traitlets import List
Jonathan Frederic
Rename utils.config to utils.base
 r11420 from ..utils.base import NbConvertBase
Jonathan Frederic
Added writer classes
 r11369
#-----------------------------------------------------------------------------
# Classes
#-----------------------------------------------------------------------------
Jonathan Frederic
Rename GlobalConfigurable to NbConvertBase
 r11419 class WriterBase(NbConvertBase):
Jonathan Frederic
Added writer classes
 r11369 """Consumes output from nbconvert export...() methods and writes to a
useful location. """
files = List([], config=True, help="""
List of the files that the notebook references. Files will be
included with written output.""")
def __init__(self, config=None, **kw):
"""
Constructor
"""
super(WriterBase, self).__init__(config=config, **kw)
def write(self, output, resources, **kw):
"""
Consume and write Jinja output.
Parameters
----------
output : string
Conversion results. This string contains the file contents of the
converted file.
resources : dict
Resources created and filled by the nbconvert conversion process.
Paul Ivanov
minor typo
 r12222 Includes output from preprocessors, such as the extract figure
preprocessor.
Jonathan Frederic
Added writer classes
 r11369 """
raise NotImplementedError()