Paulo Pacheco created ZEPPELIN-4952:
---------------------------------------
             Summary: Markdown interpreter can be used to store XSS in notebooks.
                 Key: ZEPPELIN-4952
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-4952
             Project: Zeppelin
          Issue Type: Bug
            Reporter: Paulo Pacheco

The %md interpreter can be used to store XSS in notebooks. These cells are automatically loaded by the user when opening the notebook, so no manual user interaction is needed. Also, it doesn't matter whether the cell already has a result or not.

%md
# foo
<script>alert(String.fromCharCode(88,83,83))</script>

--
This message was sent by Atlassian Jira (v8.3.4#803005)
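
An added triage example, not part of the report above and not Zeppelin code: it audits a saved note for %md paragraphs that carry active HTML, checking both the paragraph source and any stored HTML result, since the report says the cell fires with or without a result. It assumes the note is JSON with `paragraphs[].text` and `paragraphs[].results.msg[].{type,data}`; the function names and the sample note are constructed for illustration.

```python
import json
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "iframe", "object", "embed"}  # elements that load or run code

class ActiveHtmlFinder(HTMLParser):
    """Records tags and attributes that execute script when a browser renders them."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}>")
        for name, value in attrs:
            if name.startswith("on"):  # inline event handler attribute
                self.findings.append(f"{tag}[{name}]")
            elif name in ("href", "src") and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}[{name}=javascript:]")

def active_html(fragment):
    """Return the list of active constructs found in an HTML or markdown fragment."""
    finder = ActiveHtmlFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings

def audit_note(note_json):
    """Return (paragraph id, location, findings) for each %md paragraph with active HTML."""
    hits = []
    for para in json.loads(note_json).get("paragraphs", []):
        text = para.get("text") or ""
        if not text.lstrip().startswith("%md"):
            continue  # only the markdown interpreter is in scope here
        sources = [("text", text)]
        for msg in (para.get("results") or {}).get("msg", []):
            if msg.get("type") == "HTML":  # stored rendering replayed on notebook open
                sources.append(("result", msg.get("data") or ""))
        for where, body in sources:
            if found := active_html(body):
                hits.append((para.get("id"), where, found))
    return hits

# Constructed sample note: p1 reuses the cell from the report, p2 is benign,
# p3 has clean source but a stored result that still contains the script.
SAMPLE_NOTE = json.dumps({"paragraphs": [
    {"id": "p1", "text": "%md\n# foo\n<script>alert(String.fromCharCode(88,83,83))</script>"},
    {"id": "p2", "text": "%md\n# plain *markdown* only"},
    {"id": "p3", "text": "%md\n# foo", "results": {"msg": [
        {"type": "HTML", "data": "<h1>foo</h1><script>alert(String.fromCharCode(88,83,83))</script>"}]}},
]})
```

This flags notes for review; it is not a sanitizer, and the fix for the issue itself is to sanitize or escape the HTML that the %md interpreter emits before it reaches the browser.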