Fix XSS reported on Security list...
Fix XSS reported on Security list No CVE-ID yet August 18, 2015 ----- Reported to Quantopian by Juan Broullón <thebrowfc@gmail.com>... If you create a new folder in the IPython file browser and set JavaScript code as its name, the injected code will be executed. So, if I create a folder called "><img src=x onerror=alert(document.cookie)> and then access it, the cookies will be displayed in an alert. The XSS code is also executed if you access a link pointing directly at the folder. jik ------

File last commit:

r11457:17a57099
r21633:3ab41641
manager.py
53 lines | 1.6 KiB | text/x-python | PythonLexer
""" Defines a KernelClient that provides signals and slots.
"""
from IPython.external.qt import QtCore
# Local imports
from IPython.utils.traitlets import Bool, DottedObjectName
from IPython.kernel import KernelManager
from IPython.kernel.restarter import KernelRestarter
from .kernel_mixins import QtKernelManagerMixin, QtKernelRestarterMixin
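class QtKernelRestarter(KernelRestarter, QtKernelRestarterMixin):
    """Kernel restarter that schedules its liveness polling on a Qt timer."""

    def start(self):
        """Start (or restart) the polling timer.

        The QTimer is created lazily on first use and wired to ``poll``;
        later calls reuse the same timer so the signal is connected once.
        """
        if self._timer is None:
            self._timer = QtCore.QTimer()
            self._timer.timeout.connect(self.poll)
        # QTimer.start() takes milliseconds; time_to_dead is presumably
        # expressed in seconds -- confirm against KernelRestarter.
        self._timer.start(self.time_to_dead * 1000)

    def stop(self):
        """Stop the polling timer, if one was ever created.

        ``start`` treats ``_timer is None`` as "not created yet", so calling
        ``stop`` before ``start`` must be a no-op instead of failing with an
        AttributeError on ``None``.
        """
        if self._timer is not None:
            self._timer.stop()

    def poll(self):
        """Run one poll cycle by delegating to the parent implementation."""
        super(QtKernelRestarter, self).poll()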
class QtKernelManager(KernelManager, QtKernelManagerMixin):
    """KernelManager variant that reports kernel restarts via a Qt signal."""

    # Dotted path of the client class associated with this manager.
    client_class = DottedObjectName('IPython.qt.client.QtKernelClient')
    # Configurable switch: when false, no restarter is started or stopped.
    autorestart = Bool(True, config=True)

    def start_restarter(self):
        """Create the Qt restarter on first use and start it.

        Does nothing unless ``autorestart`` is enabled and a kernel exists.
        """
        if not (self.autorestart and self.has_kernel):
            return

        if self._restarter is None:
            self._restarter = QtKernelRestarter(
                kernel_manager=self, parent=self, log=self.log
            )
            # Registered only once, when the restarter is first built.
            self._restarter.add_callback(self._handle_kernel_restarted)

        self._restarter.start()

    def stop_restarter(self):
        """Stop the restarter when autorestart is on and one has been created."""
        if self.autorestart and self._restarter is not None:
            self._restarter.stop()

    def _handle_kernel_restarted(self):
        """Restarter callback: emit the ``kernel_restarted`` signal."""
        self.kernel_restarted.emit()