Lee Moon Soo created ZEPPELIN-5261:
--------------------------------------

Summary: Sandbox HTML result rendering
Key: ZEPPELIN-5261
URL: https://issues.apache.org/jira/browse/ZEPPELIN-5261
Project: Zeppelin
Issue Type: Improvement
Components: GUI
Affects Versions: 0.9.0
Reporter: Lee Moon Soo

Zeppelin's display system allows users to render arbitrary HTML results inside a Note. This includes JavaScript inlined in the HTML data to be rendered. It can be used for a potential XSS attack when a user opens a shared notebook from another user that includes exploit code inside an HTML result in the Note.

There could be a couple of different approaches to prevent this:

a. Don't render HTML results unless the user explicitly 'trusts' the Note. In this way, when a Note includes HTML results, the Zeppelin UI can ask the user whether they want to trust and render the HTML result or not.

b. Sandbox HTML result rendering using an iframe. In this way, the HTML result is rendered inside an iframe that comes from a different domain. Because of the browser's XSS protection, it prevents potential exploits rendered in the iframe from accessing any data in the parent window (Zeppelin). This approach is implemented in Google Colab.

IMO, (b) is more favorable while it makes security depend on the 'trust' of a user. However, there's some expected complexity in implementation and configuration, such as:

* Passing result data to render from the parent window to the iframe that comes from a different domain
* Automatically resizing the iframe based on its content
* The client web browser should be able to access the iframe domain, or it should be possible to configure an alternative domain to load the iframe source.
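
The first two complexity points of approach (b), sketched as the parent-window side of the message exchange. This is an added example, not Zeppelin code or part of the original issue; RENDER_ORIGIN, the message shapes, frame.html and all function names are assumptions. Because the frame runs untrusted HTML, everything it sends back is validated before use.

```javascript
// Added example: parent-window side of the cross-origin result frame.
// RENDER_ORIGIN, the message shapes and every function name are assumptions.
const RENDER_ORIGIN = "https://zeppelin-output.example"; // hypothetical separate domain
const MIN_HEIGHT = 20, MAX_HEIGHT = 4000; // px; bounds a hostile frame cannot exceed

// Message carrying the HTML result to the frame, with the only origin allowed to
// receive it. Never "*": a frame navigated elsewhere must not get note data.
function buildRenderMessage(paragraphId, html) {
  return {
    targetOrigin: RENDER_ORIGIN,
    message: { type: "render", paragraphId: String(paragraphId), html: String(html) },
  };
}

// Validate a "resize" request coming back from the frame. Returns the height in px
// to apply, or null when the message must be ignored.
function acceptResize(event, frameWindow) {
  if (event.origin !== RENDER_ORIGIN) return null; // wrong sender origin
  if (event.source !== frameWindow) return null;   // not the frame we created
  const data = event.data;
  if (data === null || typeof data !== "object") return null;
  if (data.type !== "resize" || !Number.isFinite(data.height)) return null;
  return Math.min(MAX_HEIGHT, Math.max(MIN_HEIGHT, Math.ceil(data.height)));
}

// Browser wiring (uses the DOM, so it only runs inside a browser).
function attachResultFrame(container, paragraphId, html) {
  const iframe = document.createElement("iframe");
  iframe.src = RENDER_ORIGIN + "/frame.html"; // hypothetical page that renders the message
  iframe.addEventListener("load", () => {
    const { message, targetOrigin } = buildRenderMessage(paragraphId, html);
    iframe.contentWindow.postMessage(message, targetOrigin);
  });
  window.addEventListener("message", (event) => {
    const height = acceptResize(event, iframe.contentWindow);
    if (height !== null) iframe.style.height = height + "px";
  });
  container.appendChild(iframe);
  return iframe;
}
```

The third point (a configurable frame domain) would replace the RENDER_ORIGIN constant with a server-provided setting; the same value must feed both the iframe source and the two origin checks.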