The nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their `Content-Security-Policy`. Combined with `nbconver ...
Combined with nbconvert.HTMLExporter 's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results