
fix: Escape HTML in display_explanations to prevent stored XSS #6613

Open
instantraaamen wants to merge 1 commit into googleapis:main from instantraaamen:fix-notebook-utils-xss

@instantraaamen

Description

display_explanations() in notebook_utils.py renders column names and cell values from evaluation DataFrames directly into IPython.display.HTML() without escaping. If a DataFrame contains crafted HTML/JS payloads (e.g. from a shared dataset or model output), they execute in the user's Colab/Jupyter session.

This applies html.escape() to both column headers and cell values before interpolation, matching the pattern already used in _evals_visualization.py.

Fixes both vertexai/evaluation and vertexai/preview/evaluation paths.

Reproducer

import pandas as pd
from unittest.mock import MagicMock

evil_df = pd.DataFrame({
    '<img src=x onerror=alert("XSS")>': ['<script>alert(1)</script>']
})

eval_result = MagicMock()
eval_result.metrics_table = evil_df

from vertexai.evaluation.notebook_utils import display_explanations
display_explanations(eval_result=eval_result)
# Before fix: alert box fires
# After fix: escaped safely

Column names and cell values from evaluation DataFrames are rendered
via IPython.display.HTML without sanitization. A crafted DataFrame
(e.g. from a shared dataset or model output) can inject arbitrary
HTML/JS that executes in the Colab/Jupyter session.

Apply html.escape() to both column headers and cell values before
interpolation, consistent with the escaping already used elsewhere
in the codebase.

Fixes both vertexai/evaluation and vertexai/preview/evaluation paths.
@instantraaamen instantraaamen requested a review from a team as a code owner April 19, 2026 20:25
@product-auto-label product-auto-label bot added size: s Pull request size is small. api: vertex-ai Issues related to the googleapis/python-aiplatform API. labels Apr 19, 2026
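
The escaping pattern the description refers to, shown as an added example that is not code from this pull request or from the library: the "before" and "after" forms of a renderer side by side. The function names, the dict-of-lists standing in for the DataFrame, and the `<h3>`/`<p>` layout are assumptions made for the illustration; the sample header and first cell are the ones from the reproducer above.

```python
import html

# Constructed sample: header and first cell come from the PR's reproducer;
# the numeric cell is added to exercise non-string values.
SAMPLE_TABLE = {
    '<img src=x onerror=alert("XSS")>': ['<script>alert(1)</script>', 0.75],
}


def render_unescaped(table):
    """'Before' form: values are interpolated into markup as-is."""
    parts = []
    for column, cells in table.items():
        parts.append(f"<h3>{column}</h3>")
        parts.extend(f"<p>{cell}</p>" for cell in cells)
    return "\n".join(parts)


def render_escaped(table):
    """'After' form: every header and cell passes through html.escape().

    str() comes first because html.escape() only accepts strings, and
    evaluation tables routinely hold floats or None.
    """
    parts = []
    for column, cells in table.items():
        parts.append(f"<h3>{html.escape(str(column))}</h3>")
        parts.extend(f"<p>{html.escape(str(cell))}</p>" for cell in cells)
    return "\n".join(parts)


def contains_live_markup(rendered, table):
    """True if any raw header or cell containing '<' survives verbatim."""
    values = list(table) + [c for cells in table.values() for c in cells]
    return any("<" in str(v) and str(v) in rendered for v in values)


if __name__ == "__main__":
    print(render_unescaped(SAMPLE_TABLE))
    print(render_escaped(SAMPLE_TABLE))
```

A check like `contains_live_markup` works as a regression test for any helper that feeds table data to `IPython.display.HTML()`: it fails as soon as one interpolation site is left unescaped.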