Security: Untrusted kernel output can execute arbitrary JavaScript in renderer#2180
Closed
tuanaiseo wants to merge 2 commits into nteract:master from
Conversation
The output renderer explicitly enables `Media.JavaScript` and `Media.HTML` for all kernel outputs. Because kernel responses are treated as trusted, a malicious or compromised kernel (or remote session) can send crafted output that runs script in Atom's renderer context, potentially leading to code execution or credential theft in an Electron app. Affected files: display.tsx, inspector.tsx Signed-off-by: tuanaiseo <221258316+tuanaiseo@users.noreply.github.com>
aminya (Member) requested changes on Apr 5, 2026 and left a comment:
The fix isn't to remove features that users relied on.
Problem
The output renderer explicitly enables `Media.JavaScript` and `Media.HTML` for all kernel outputs. Because kernel responses are treated as trusted, a malicious or compromised kernel (or remote session) can send crafted output that runs script in Atom's renderer context, potentially leading to code execution or credential theft in an Electron app.
Severity: critical
File: lib/components/result-view/display.tsx
Solution
Disable `Media.JavaScript` by default and gate active content behind an explicit trust model (per-kernel/per-document trust prompt). Sanitize HTML with a strict allowlist sanitizer (for example DOMPurify with hardened config), and render untrusted rich outputs in a sandboxed iframe without Node/Electron privileges.
Changes
lib/components/result-view/display.tsx (modified)
lib/components/inspector.tsx (modified)
Testing
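The trust model sketched in the Solution section, as an added example that is not code from nteract or from this PR. It shows the two pieces the description asks for: a per-kernel trust store that defaults to untrusted, and a renderer selection step that drops `application/javascript` for untrusted kernels (falling back to the next representation in the mimebundle) and routes untrusted HTML or SVG into a fully sandboxed iframe instead of the renderer's own DOM. The names (`TrustStore`, `chooseRenderer`, `sandboxedFrameAttributes`), the mime preference order, and the CSP string are assumptions for the example; the HTML allowlist sanitizer the PR mentions (DOMPurify) is not reimplemented here.

```typescript
// Added example, not code from nteract or this PR.
// Kernel output is a mimebundle: mime type -> string or array of string chunks.
type MimeBundle = Record<string, string | string[]>;

type TrustLevel = "untrusted" | "trusted";

// Media that can run code or reach the host DOM when rendered inline. Inline
// SVG is included because it can carry <script> and on* event handlers.
const SCRIPT_MEDIA = "application/javascript";
const ACTIVE_MEDIA = new Set([SCRIPT_MEDIA, "text/html", "image/svg+xml"]);

// Richest-first preference order (an assumption; nteract's own order may differ).
const PREFERENCE = [
  SCRIPT_MEDIA,
  "text/html",
  "image/svg+xml",
  "image/png",
  "text/markdown",
  "text/plain",
];

interface RenderDecision {
  mimeType: string | null; // null: nothing renderable in the bundle
  data: string;
  sandboxed: boolean;      // true: must be shown via sandboxedFrameAttributes
}

// Per-kernel trust. The default is untrusted; trust is granted only by an
// explicit user action (e.g. a per-kernel prompt), never inferred from the
// kernel's own messages.
class TrustStore {
  private trusted = new Set<string>();
  grant(kernelId: string): void { this.trusted.add(kernelId); }
  revoke(kernelId: string): void { this.trusted.delete(kernelId); }
  levelFor(kernelId: string): TrustLevel {
    return this.trusted.has(kernelId) ? "trusted" : "untrusted";
  }
}

function asString(v: string | string[]): string {
  return Array.isArray(v) ? v.join("") : v;
}

// Pick the representation to render, given the kernel's trust level.
function chooseRenderer(bundle: MimeBundle, trust: TrustLevel): RenderDecision {
  let suppressedScript = false;
  for (const mimeType of PREFERENCE) {
    if (!Object.prototype.hasOwnProperty.call(bundle, mimeType)) continue;
    const data = asString(bundle[mimeType]);
    if (trust === "trusted") {
      return { mimeType, data, sandboxed: false };
    }
    if (mimeType === SCRIPT_MEDIA) {
      // Never execute script on behalf of an untrusted kernel; fall through
      // to the next representation the kernel supplied for this output.
      suppressedScript = true;
      continue;
    }
    // HTML/SVG from an untrusted kernel is only ever shown inside a sandbox;
    // passive media (PNG, markdown, plain text) renders inline as before.
    return { mimeType, data, sandboxed: ACTIVE_MEDIA.has(mimeType) };
  }
  if (suppressedScript) {
    // Script-only output: show a placeholder rather than nothing, so the user
    // can see that content was withheld and decide whether to trust the kernel.
    return {
      mimeType: "text/plain",
      data: "[output suppressed: script from an untrusted kernel]",
      sandboxed: false,
    };
  }
  return { mimeType: null, data: "", sandboxed: false };
}

// Attributes for an <iframe> holding untrusted markup. An empty sandbox
// attribute applies every restriction (no scripts, no same-origin, no forms,
// no top navigation); the CSP in srcdoc additionally blocks network fetches
// and inline script even if a caller later relaxes the sandbox. A plain
// iframe, unlike an Electron <webview> with nodeIntegration, exposes no Node
// or Electron APIs to the content.
function sandboxedFrameAttributes(html: string): Record<string, string> {
  const csp = "default-src 'none'; img-src data: blob:; style-src 'unsafe-inline'";
  const doc =
    "<!doctype html><html><head>" +
    `<meta http-equiv="Content-Security-Policy" content="${csp}">` +
    `</head><body>${html}</body></html>`;
  return { sandbox: "", srcdoc: doc, referrerpolicy: "no-referrer" };
}
```

In a component this would replace the unconditional `Media.JavaScript`/`Media.HTML` list: look up `trustStore.levelFor(kernelId)`, call `chooseRenderer` on the output's mimebundle, and when `sandboxed` is true mount an iframe with `sandboxedFrameAttributes(data)` instead of injecting the HTML into the Atom document. Sanitizing the HTML with an allowlist sanitizer before it reaches `srcdoc` is still worthwhile as defence in depth against sandbox bugs.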