Skip to content

fix: escape user-controlled file_key in service worker injection#9789

Merged
mscolnick merged 1 commit into
mainfrom
ms/new-york-v3
Jun 4, 2026
Merged

fix: escape user-controlled file_key in service worker injection#9789
mscolnick merged 1 commit into
mainfrom
ms/new-york-v3

Conversation

@mscolnick

@mscolnick mscolnick commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

Responsible disclosure from @elvinsuleymanov

Copilot AI review requested due to automatic review settings June 4, 2026 20:52
@vercel

vercel Bot commented Jun 4, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
marimo-docs Ready Ready Preview, Comment Jun 4, 2026 8:53pm

Request Review

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Architecture diagram
sequenceDiagram
    participant Browser as Browser Client
    participant Server as Marimo Server
    participant Helpers as Templates/_inject_service_worker

    Browser->>Server: GET /notebook/<file_key>
    Server->>Server: Lookup session, notebook
    Server->>Helpers: _inject_service_worker(html, file_key)
    Note over Helpers: file_key is user-controlled (e.g., URL path)
    Helpers->>Helpers: uri_encode_component(file_key)
    Helpers->>Helpers: json_script(...) → safe double‑quoted JSON string
    Note over Helpers: Escapes quotes, <script>, etc. Prevents XSS
    Helpers-->>Server: Modified HTML with safe inline script
    Server-->>Browser: HTTP 200, HTML response
    Browser->>Browser: Execute inline script
    Browser->>Browser: navigator.serviceWorker.register(...)
    Browser->>Browser: registration.active.postMessage({notebookId: safe string})
Loading

Re-trigger cubic

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the service-worker injection path by ensuring the user-controlled file_key is emitted into inline JavaScript as a JSON string literal (rather than directly embedded in a single-quoted JS string), preventing script injection via quote-termination.

Changes:

  • Update _inject_service_worker() to use json_script(uri_encode_component(file_key)) when emitting notebookId.
  • Adjust existing service-worker injection tests to expect a double-quoted JSON string literal.
  • Add a targeted regression test ensuring quote-termination and </script>-style payloads cannot break out of the injected script.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
marimo/_server/api/endpoints/assets.py Emits notebookId via json_script(...) to avoid inline-script injection from user-controlled file_key.
tests/_server/api/endpoints/test_assets.py Updates/extends tests to assert the injected notebookId is a JSON string literal and resistant to malicious payloads.
@mscolnick mscolnick added the bug Something isn't working label Jun 4, 2026
@mscolnick mscolnick merged commit fdd55c8 into main Jun 4, 2026
44 of 45 checks passed
@mscolnick mscolnick deleted the ms/new-york-v3 branch June 4, 2026 21:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working

3 participants