Fix XSS reported on Security list

No CVE-ID yet

August 18, 2015
-----
Reported to Quantopian by Juan Broullón <thebrowfc@gmail.com>...

If you create a new folder in the iPython file browser and set Javascript code as its name the code injected will be executed. So, if I create a folder called "><img src=x onerror=alert(document.cookie)> and then I access to it, the cookies will be prompted.

The XSS code is also executed if you access a link pointing directly at the folder.

jik
------
Matthias Bussonnier -
r21633:3ab41641
Name Size Modified Last Commit Author
/ IPython / utils
tests
PyColorize.py
__init__.py
_process_cli.py
_process_common.py
_process_posix.py
_process_win32.py
_process_win32_controller.py
_sysinfo.py
_tokenize_py2.py
_tokenize_py3.py
capture.py
codeutil.py
coloransi.py
contexts.py
daemonize.py
data.py
decorators.py
dir2.py
doctestreload.py
encoding.py
eventful.py
frame.py
generics.py
importstring.py
io.py
ipstruct.py
jsonutil.py
localinterfaces.py
log.py
module_paths.py
openpy.py
path.py
pickleshare.py
pickleutil.py
process.py
py3compat.py
rlineimpl.py
signatures.py
strdispatch.py
submodule.py
sysinfo.py
syspathcontext.py
tempdir.py
terminal.py
text.py
timing.py
tokenize2.py
tokenutil.py
traitlets.py
tz.py
ulinecache.py
version.py
warn.py
wildcard.py
zmqrelated.py