Paulo Pacheco created ZEPPELIN-4952:
---------------------------------------

             Summary: Markdown interpreter can be used to store XSS in notebooks.
                 Key: ZEPPELIN-4952
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-4952
             Project: Zeppelin
          Issue Type: Bug
            Reporter: Paulo Pacheco


The %md interpreter can be used to store XSS in notebooks. These cells are
automatically loaded by the user when opening the notebook, so no manual user
interaction is needed.

Also, it doesn't matter if the cell already has a result or not.

%md
# foo <script>alert(String.fromCharCode(88,83,83))</script>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
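
An added example (not part of the original report and not Zeppelin's own code): a triage script that flags %md paragraphs whose source or stored result carries script-capable HTML, since the report notes the cell fires with or without an existing result. The notebook JSON layout (`paragraphs`, `text`, `results.msgs`), the paragraph ids and the sample note are assumptions constructed for the illustration.

```python
import json
import re

# Markup that can run script once rendered HTML is inserted into the page.
ACTIVE_HTML = re.compile(
    r"<\s*script\b|<\s*iframe\b|<[^>]+\son[a-z]+\s*=|javascript\s*:",
    re.IGNORECASE)
# Fenced blocks and inline code spans are HTML-escaped by Markdown renderers,
# so they are dropped before the source is scanned (reduces false positives).
CODE_SPANS = re.compile(r"```.*?```|`[^`\n]*`", re.DOTALL)

# Constructed sample note. The field names are an assumed notebook layout.
SAMPLE_NOTE = json.dumps({"paragraphs": [
    {"id": "p1",
     "text": "%md\n# foo <script>alert(String.fromCharCode(88,83,83))</script>"},
    {"id": "p2", "text": "%md\nThe `<script>` tag is shown here as code.",
     "results": {"msgs": [{"type": "HTML", "data": "<p>The tag as code.</p>"}]}},
    {"id": "p3", "text": "%md\nplain",
     "results": {"msgs": [{"type": "HTML", "data":
         "<p>plain</p><script>alert(String.fromCharCode(88,83,83))</script>"}]}},
    {"id": "p4", "text": "%sh\necho '<script>'"},
]})


def scan_note(note_json):
    """Return (paragraph id, location) pairs for %md cells with active HTML."""
    findings = []
    for para in json.loads(note_json).get("paragraphs", []):
        text = para.get("text") or ""
        if not text.lstrip().startswith("%md"):
            continue  # only Markdown cells are in scope for this report
        if ACTIVE_HTML.search(CODE_SPANS.sub("", text)):
            findings.append((para.get("id"), "source"))
        # A saved result is rendered on open without re-running the cell,
        # so it is checked independently of the source text.
        for msg in (para.get("results") or {}).get("msgs") or []:
            if msg.get("type") == "HTML" and ACTIVE_HTML.search(msg.get("data") or ""):
                findings.append((para.get("id"), "stored result"))
                break
    return findings


if __name__ == "__main__":
    for para_id, where in scan_note(SAMPLE_NOTE):
        print(f"{para_id}: active HTML in {where}")
```

A match is a prompt for manual review rather than proof of exploitation; the pattern list is a heuristic and does not replace sanitising the interpreter's HTML output.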
