Security in Jupyter

Jupyter Notebooks are created in order to be shared with other users, in many cases over the internet. However, Jupyter Notebooks can execute arbitrary code and generate arbitrary code. This can be a problem if malicious aspects have been placed in a Notebook. The default security mechanisms for Jupyter Notebooks include the following:

• Raw HTML is always sanitized (checked for malicious coding). Further information can be found at https://developers.google.com/caja.
• You cannot run external JavaScript.
• Cell contents (especially HTML and JavaScript) is not trusted (requires user validation to continue).
• The output from any cell is not trusted.
• All other HTML or JavaScript is never trusted, and clearing the output will cause the Notebook to become trusted when saved.