Paulo Pacheco created ZEPPELIN-4952:
---------------------------------------
Summary: Markdown interpreter can be used to store XSS in
notebooks.
Key: ZEPPELIN-4952
URL: https://issues.apache.org/jira/browse/ZEPPELIN-4952
Project: Zeppelin
Issue Type: Bug
Reporter: Paulo Pacheco

The %md interpreter can be used to store XSS in notebooks. These cells are
automatically loaded by the user when opening the notebook, so no manual user
interaction is needed.
Also, it doesn't matter if the cell already has a result or not.

%md
# foo <script>alert(String.fromCharCode(88,83,83))</script>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
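
A defensive check for the condition reported above, added here as an example and not part of the original report or of Zeppelin's code: it scans a saved note for %md paragraphs whose source or stored HTML output contains script-capable markup. The note layout (paragraphs, text, results.msg with type and data) and the names scan_note and find_active_html are assumptions made for this example.

```python
import json
from html.parser import HTMLParser
# Constructed sample note. The paragraphs/text/results layout is an assumption
# about the stored notebook JSON; the payload is the one quoted in the report.
PAYLOAD = "<script>alert(String.fromCharCode(88,83,83))</script>"
SAMPLE_NOTE = json.dumps({"paragraphs": [
    {"id": "p1", "text": "%md\n# foo " + PAYLOAD},
    {"id": "p2", "text": "%md\n# plain heading"},
    {"id": "p3", "text": "%md\n# cached", "results": {
        "msg": [{"type": "HTML", "data": "<h1>cached " + PAYLOAD + "</h1>"}]}},
    {"id": "p4", "text": "%python\nprint(1)"},
]})

class ActiveHtmlFinder(HTMLParser):
    """Records tags and attributes that run script when the HTML is rendered."""
    ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag in self.ACTIVE_TAGS:
            self.hits.append(f"<{tag}>")
        for name, value in attrs:
            if name.startswith("on"):  # inline event handler attribute
                self.hits.append(f"{tag}[{name}]")
            elif (value or "").strip().lower().startswith("javascript:"):
                self.hits.append(f"{tag}[{name}=javascript:]")

def find_active_html(fragment):
    finder = ActiveHtmlFinder()
    finder.feed(fragment)
    finder.close()
    return finder.hits

def scan_note(note_json):
    """Map paragraph id -> findings for %md paragraphs (source and stored output)."""
    findings = {}
    for para in json.loads(note_json).get("paragraphs", []):
        text = para.get("text") or ""
        if not text.lstrip().startswith("%md"):
            continue  # this check is scoped to the interpreter named in the report
        hits = find_active_html(text)  # raw HTML in the markdown source
        for msg in (para.get("results") or {}).get("msg", []):
            if msg.get("type") == "HTML":  # output stored with the note
                hits += find_active_html(msg.get("data") or "")
        if hits:
            findings[para.get("id")] = hits
    return findings
```

Checking the stored output as well as the source covers the case where the cell already has a result. A scan like this is a review aid for existing notes; it does not replace sanitizing the rendered HTML in the application.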