Closed joncarlson closed 2 months ago
Should only be able to load Jupyter Notebooks from the NASA Github organization
This notebook which contains a XSS script (that just console.logs) should throw an error: http://localhost/meditor/notebookviewer?notebookUrl=https://github.com/joncarlson/vuln/blob/main/xss.ipynb
This should render without issue, note that it is from the NASA organization: http://localhost/meditor/notebookviewer/?notebookUrl=https://github.com/nasa/gesdisc-tutorials/blob/main/cloud-tutorials/notebooks/How_to_Access_and_Analyze_GLDAS_Zarr_Stores.ipynb
Should only be able to load Jupyter Notebooks from the NASA Github organization
This notebook which contains a XSS script (that just console.logs) should throw an error: http://localhost/meditor/notebookviewer?notebookUrl=https://github.com/joncarlson/vuln/blob/main/xss.ipynb
This should render without issue, note that it is from the NASA organization: http://localhost/meditor/notebookviewer/?notebookUrl=https://github.com/nasa/gesdisc-tutorials/blob/main/cloud-tutorials/notebooks/How_to_Access_and_Analyze_GLDAS_Zarr_Stores.ipynb