Skip to content

HTML injection in download #802

New issue
New issue
Open
Bug
#809
Open
HTML injection in download#802
Bug
#809
Labels
req: Python ShinyRequires some familiarity with Python Shiny
@mccalluc

Description

@mccalluc
mccalluc
opened on Jan 15, 2026

On the download page, update the message:

<script>alert("injection!")</script>

The notebooks will contain the injected html.

  • Escaping?
  • Strip tags?

Metadata

Metadata

Assignees

No one assigned

    Labels

    req: Python ShinyRequires some familiarity with Python Shiny

    Type

    Bug

    Projects

    DP Wizard

    Status

    Pending

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions